The U.S. State Department says it will lodge a formal complaint with Chinese officials next week about the hacking attacks on Google's e-mail service in China.

Spokesman P.J. Crowley says the U.S. also will demand an explanation from China about how the hacking happened and what the Beijing government intends to do about it.

Google has said it will stop censoring Internet search results in China and might close its China-based Google.cn site because of the hacking problem.

What the cyber-attack from China means[color=#770077][/color]

Gregory Fayer opened an e-mail on Monday night that looked like it was from a fellow lawyer at Gipson Hoffman & Pancione. Instead, it was a message that placed Fayer and his firm in the middle of what might be the biggest international cyber-conflict to date.

This week, search engine giant Google disclosed that it had also been a victim of cyber-attacks from China, and has taken the bold step of threatening to shut down the Chinese version of its search engine. On Thursday, computer security firm VeriSign said it had traced the Google attacks back to "to a single foreign entity consisting either of agents of the Chinese state or proxies thereof," and that 30 companies were targeted.


Fayer's law firm is likely one of those victims, as the technique used against it is similar to the Google attack. The e-mail Fayer received was laced with a computer virus intended to allow the sender to spy on Fayer's computer; a blatant act of espionage, he said. But Fayer wasn't terribly surprised. Last week, his firm filed a blockbuster lawsuit against the Chinese government on behalf of CyberSittter LLC, which makes parental control software. CyberSitter says the Chinese stole its computer code while creating the infamous Green Dam censorship program, which was designed to be placed on every Chinese citizen's PC last year. After a backlash, the government decided to make installation optional.

"Our law firm was certainly on high alert because of the lawsuit," he said. "This is somewhat to be expected when you file a high-profile lawsuit against the government of China.”

Fayer said he couldn't share much information about the e-mail, as FBI officials are investigating the incident. But it was designed to look like part of a normal electronic chat with a colleague.

"I was the first recipient at the firm," he said. "But there have actually been three waves of these customized e-mails.They'd each been made to look like they had a different sender, and a different pretense for the links or attachments embedded in the e-mails." The cybercriminal was clearly moving down a list of potential contacts at the firm, looking for someone to take the bait, he said.

"The program was designed to go in and get information from our servers and computers and sent it back to the sender," he said.

Computer researchers call the technique "spear phishing." Rather than flooding a firm with thousands of spam-like phishing e-mails hoping to dupe dozens of victims, the new technique involves very specific, targeted notes designed to fool one victim at a time – and then use that computer to spy on the target agency or steal data.

While Fayer could say little about the potential agent behind the attack, he said the firm assumed that "the timing of the e-mail attacks are not a coincidence."

No lawyers fell for the trick, Fayer said, and he did not believe any information had been stolen.

The alleged attacks from China are troubling on many fronts. On Thursday, security firm McAfee released a report saying the program used to target U.S. firms involved a so-called "zero day" vulnerability -- one that was to this point unknown to the security community, and thus indefensible by anti-virus software. The flaw involved Microsoft's Internet Explorer, McAfee said. Microsoft says it is working quickly to provide a software patch.

But the malicious software attacks other software flaws too, McAfee said, adding this ominous note: "There very well may be other attack vectors that are not known to us at this time."

"These highly customized attacks known as advanced persistent threats were primarily seen by governments and the mere mention of them strikes fear in any cyberwarrior,” wrote McAfee's George Kurtz in a blog post today. “They are in fact the equivalent of the modern drone on the battle field. With pinpoint accuracy they deliver their deadly payload and once discovered - it is too late…All I can say is wow. The world has changed. Everyone's threat model now needs to be adapted to the new reality of these advanced persistent threats. In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property."

Mark Rasch, former head of the Department of Justice computer crime unit, called the attacks “cyberwarfare,” and said it was clearly an escalation of digital conflict between China and the U.S.

“At least it’s an escalation of the rhetoric, and that’s an escalation,” he said. “War is the extension of politics by other means, and the Internet is the extension of politics, and this is a form of cyberwarfare.”

While isolated examples of government-sponsored hacking have popped up through the years, Rasch – who now runs Bethesda, Md.-based security consulting firm FTI - says this week’s incidents of alleged Chinese attacks are “new in the sense that they’ve been so blatant,” and apparently so widespread, ranging from attempts to read dissidents’ e-mails to spying on a legal adversary.

“We’ve had attacks in the past but by and large they were done in a way that gave the country plausible deniability,” said Rasch. “But this was different. This was fairly clearly a government-run operation.”

China has yet to directly address the allegations. At a regular press briefing in Beijing on Thursday, Foreign Ministry spokeswoman Jiang Yu said only “The Chinese government administers the Internet according to law and we have explicit stipulations over what content can be spread on the Internet,” according to the Bloomberg news service.