FEBRUARY 4, 2010
Google Working With NSA to Investigate Cyber Attack
By SIOBHAN GORMAN and JESSICA E. VASCELLARO
Officials at the National Security Agency have been working with Google Inc. to investigate the cyber attacks that Google announced publicly last month, according to people familiar with the investigation.
The partnership began weeks ago, when the Internet company began sharing details about the attack with different government agencies, including its belief that the attack originated in China and affected more than 20 companies.
Google said it would respond to the attack by ending its censorship of search results in China – a move it has yet to make amid continuing discussions with Chinese officials. Google's chief executive Eric Schmidt said recently that the Internet company doesn't want to back out of China but wants to be there on "different terms."
A Google spokeswoman declined to comment beyond the company's earlier statement that it was "working with the relevant U.S. authorities." An NSA spokeswoman said in a statement that "NSA is not able to comment on specific relationships we may or may not have with U.S. companies." She added that, "NSA works with a broad range of commercial partners and research associates" to ensure the security of the government's national security computer networks.
Companies have been wary of working with the NSA in the wake of revelations that agency engaged in domestic surveillance without a warrant during the George W. Bush administration. Addressing this private-sector anxiety is one of the largest challenges facing the White House's new cyber chief Howard Schmidt.
"There are clear benefits to both Google and to NSA of this kind of cooperation," James Mulvenon, intelligence research director at Defense Group Inc. a national security firm. Google can use information from NSA to bolster its computer security, and NSA can use Google's information to fill out their understanding of the evolving threat to computer security, he said.
NSA officials had only heard rumors about the Google attack before the company announced it publicly, said one person familiar with the investigation.
While the Federal Bureau of Investigation could begin immediately on its criminal investigation, the NSA had to draft a legal agreement to begin sharing share information with Google.
The NSA's general counsel began drafting what's known as a cooperative research and development agreement the day Google announced the breach, according to a people familiar with the investigation.
The agreement was finalized within 24 hours, but the flow of information was still limited, according to a person familiar with the investigation. It allowed the NSA to examine some of the data related to the intrusion into Google's systems but also included provisions to protect customer privacy, they said.
As a result, some intelligence officers attempting to get a better understanding of the nature and scope of the attack resorted to tapping their own backchannel contacts and twisting arms to get information, said a person familiar with the investigation.
Write to Siobhan Gorman at siobhan.gorman@wsj.com and Jessica E. Vascellaro at jessica.vascellaro@wsj.com