China’s relationship with Google has been unstable for a long time, but the poor links between the two have intensified after the technology company said it no longer recognises Chinese certificates of trust on web pages.
Google said in an official security blog that the Chinese agency allowed Cairo-based MCS Holdings to issue unauthorised certificates for Google domains.
Chinese Internet regulator the China Internet Network Information Centre said in a statement that the decision not to recognise its certificates of trust is “unacceptable” and “unintelligible”, leading to all eyes being on Google to see what it does next.
Google is thought to be losing out on billions of dollars in advertising revenue as a result of the search engine being blocked in China. Privacy concerns originally led to Google pulling out of China in 2010.
The search market is growing rapidly in China but firewalls are keeping western companies such as Google out, intensifying the debate over internet security in the east. It is expected that search spending in China will exceed the US in the near future.
China and neighbours such as North Korea have long been accused of masterminding cyber attacks on major western companies, even though the countries deny any involvement.
Code-sharing website Github is one such company to have been a victim of an attack. With the site being a forum for software developers that also hosts tools that are employed by Chinese internet users to bypass censorship, the attack was particularly notable.
Greatfire.org monitors Chinese internet censorship and the organisation’s representative Charlie Smith said action on Chinese attacks has been needed for a year.
He told the Financial Times: “The Chinese authorities have maliciously been using their power as a certificate authority to launch dangerous attacks that compromise sensitive user information across many foreign media platforms.”
Adam Fisk of Getlantern.org, which offers tools to circumvent internet blocks in China, added that the attack on Github “probably made Google’s security team more prone to make this move, but just the fact that there were bogus intermediary certificates issues at all with CNNIC should be enough to warrant what Google did”.