China blasts Google security move as ‘unacceptable’
The reprimand from the China Internet Network Information Centre (CNNIC) came after Google said the agency was implicated in an online security vulnerability and the firm was revoking its trust in its Internet certificates.
“The decision that Google has made is unacceptable and unintelligible to CNNIC, and meanwhile CNNIC sincerely urge that Google would take users’ rights and interests into full consideration,” CNNIC said in a statement posted on its website.
The row marks the latest escalation of tensions between Beijing and Google.
The California-based tech firm withdrew from China in 2010 over censorship issues, and the two have continued to have a turbulent relationship, with Beijing moving last year to fully block Google’s hugely popular Gmail service.
China operates the world’s most extensive and sophisticated Internet censorship system, known as the “Great Firewall”.
A Google security engineer wrote on the company’s online security blog last week that CNNIC and a firm called MCS Holdings had been found to have issued “unauthorised digital certificates for several Google domains”.
The “misissued certificates would be trusted by almost all browsers and operating systems”, he said, describing the resulting vulnerability as a “serious breach” of the Internet certificate authority system.
Microsoft and Mozilla, owner of the popular Firefox web browser, also announced they were revoking trust in all MCS certificates.
The Google posting was updated Wednesday to note that CNNIC’s certificates “will no longer be recognised in Google products” adding that the Chinese organisation was “welcome… to reapply once suitable technical and procedural controls are in place”.
An anti-censorship group, GreatFire.org – which has accused Beijing of attacking its services — said the original revelation was evidence that CNNIC had been “complicit” in so-called man-in-the-middle operations.
Such attacks involve an unauthorised intermediary inserting themselves between computer users and their online destinations, usually undetected, allowing them to harvest data including passwords.
CNNIC has denied that it was directly involved and said the incident took place when MCS Holdings “improperly issued” certificates that were “only used for internal tests in its laboratory, which is a protected environment”.
China’s foreign ministry also dismissed the accusations, with spokeswoman Hua Chunying telling reporters that “all parties should abandon accusing each other without proof”.
Beijing frequently describes itself as a victim of hacking. -AFP