China on Thursday rejected claims by Google that hackers based on the mainland tried to break into hundreds of e-mail accounts including those of senior officials in several countries.
“Blaming these misdeeds on China is unacceptable,” said Hong Lei, a foreign ministry spokesman, at the ministry’s regular press conference.
Google on Wednesday said it had uncovered a campaign run from inside China to secretly monitor the e-mails of hundreds of senior US government figures, South Korean officials and other users of its Gmail service.
The claim, made in a company blog post, marks the most serious allegation of China-based internet intrusion since the search company revealed in January last year that its own systems had been successfully hacked. It cited that breach in its decision to end its self-censorship in China, eventually leading it to relocate its local search service to Hong Kong.
In keeping with Beijing’s standard response to such accusations, Mr Hong said: “Hacking is an international problem and China is also a victim. The claims of so-called support for hacking are completely unfounded and have ulterior motives.”
In an echo of last year’s incident, Google said the latest attack “appears to originate from Jinan, China”.
Lanxiang vocational school in Jinan is one of the locations to which the previous attack was traced, US investigators have said. The school has denied any involvement.
This time, Google laid the blame for the latest security intrusions on phishing attacks or other similar techniques that had been used to trick e-mail users into giving away their passwords, rather than any breach in its own systems.
While the company did not speculate in its blog post about the purpose of the campaign, the range of people targeted and the nature of the attack appeared to indicate political motivation.
Google said that the Gmail users whose accounts had been penetrated included “senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists”.
A White House spokesman said: “We’re looking into these reports and are seeking to gather the facts. We have no reason to believe that any official US government e-mail accounts were accessed.”
The targets echoed last year’s hacking attack, which Google said at the time was aimed among other things at gaining access to dissidents’ e-mail accounts.
Commenting on the latest campaign, Google said: “The goal of this effort seems to have been to monitor the contents of these users’ e-mails, with the perpetrators apparently using stolen passwords to change people’s forwarding and delegation settings.”
Changing the account settings without the users’ knowledge would have let the perpetrators forward copies of all the messages in the account to their own system undetected.
To tighten the security of its consumer e-mail accounts, Google introduced a new, two-factor verification system in February that it said would have provided users with a warning when their accounts were being accessed illicitly.
Security has become an increasing preoccupation for top Google executives since the earlier attack, which was presumed by US officials to have come from groups working on behalf of the Chinese military or top government officials. One of the main priorities of Sergey Brin, Google co-founder, has been to work on a big security project, Eric Schmidt, executive chairman, said on Tuesday.
Many of the worst cyber-spying breaches at big US companies began with e-mails tailored to specific executives with seemingly innocuous attachments. The attachments contained hidden programs that gave hackers access to corporate networks.
Additional reporting by Daniel Dombey in Washington