[lawnchair_larry]

They weren't actually. Google lied about that. It came out later that the real reason for the Chinese hacking gmail was to see which accounts had "lawful intercept" on them so they would know if their own spies had their cover blown. If the US knew about their spies, it was assumed that they would see the US sniffing the spies gmail accounts.

http://articles.washingtonpost.com/2013-05-20/world/39385755...

[magicalist]

> Google lied about that

Huh? There's nothing in the Post's information that would preclude both from having happened, so it's would be a stretch to call it a lie even from that article. But in fact, the original blog post[1] talks about multiple goals of the main attack, including listing the targeted attack that the GP is probably referencing as independent from the attack that "resulted in the theft of intellectual property from Google". I think it's you that's confusing incidents.

> Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

edit: ah, and the GP wasn't even talking about the gmail accounts.

[1] http://googleblog.blogspot.com/2010/01/new-approach-to-china...

[tantalor]

I was referring to the NYT attacks,

http://www.nytimes.com/2013/01/31/technology/chinese-hackers...

Also, what kind of spy uses gmail? Sheesh.

[Amadou]

Also, what kind of spy uses gmail? Sheesh.

The kind that is trying to maintain cover as a non-spy so uses the same email services as everybody else.

[tantalor]

Sure but only an idiot uses their personal email account for work, right? Especially if your work can get you killed.

[kbenson]

The point being made isn't that they would send sensitive data using gmail, it's that if they were compromised the NSA would most likely be reading the emails, and hacking Google would theoretically let the Chinese know if cover was blown if they could see evidence of the NSA listening in.

Of course, that means the joke's on them, because the NSA was listening to everyone...

[ithkuil]

how would you know whether NSA was listening in (for example by tapping google's links between datacenters) or not even if you successfully hack into Google's infrastructure? Not finding evidence of eavesdropping doesn't exclude that eavesdropping happened, so if that was the only purpose to hack Google, it doesn't seem worth the effort.

On the other hand if you want to read people's mail, then hacking into the provider is certainly an option.

[kbenson]

I'm not sure I necessarily buy that explanation either, but I don't know enough of the facts of this particular story to know where it falls down or is supported.

On the other hand, we don't really know what the Chinese knew, or thought they knew, about Google and how it functioned WRT government surveillance. If they had reason to believe that Google would be cooperating with authorities and would have infrastructure in place to monitor email accounts that they could look for and identify if it was monitoring the accounts they were looking for, then this explanation makes a bit more sense.