Google may have been particularly vulnerable because all of its technology is online and networked, said Marc Rotenberg, executive director of the Electronic Privacy Information Center.
On Wednesday, Google said it would improve security for Gmail users by encrypting data to its servers. Such steps are crucial for Google, whose business hinges on its ability to protect its users' privacy and maintain their trust, said Collins Stewart analyst Sandeep Aggarwal.
"Commercial organizations can rarely defend themselves against sophisticated government attacks," said Phil Lieberman, chief executive of Lieberman Software, a Los Angeles security software firm.
Last week, a Santa Barbara software maker filed a $2.2-billion lawsuit against the Chinese government and several Chinese technology firms, accusing them of conspiring to steal and disseminate the U.S. firm's Internet filtering technology.
The Los Angeles law firm representing Cybersitter in the lawsuit said Thursday that it was besieged by similar cyber attacks originating in China. On Monday evening its lawyers began receiving 10 different Trojan horse e-mails designed to retrieve information from its computers, said Gregory Fayer, an attorney at Gipson Hoffman & Pancione. The law firm has turned over the e-mails to the FBI, which is investigating, Fayer said.
After Google's announcement, Adobe Systems Inc. and Rackspace Hosting Inc. also reported attacks.
A national priority
Early last year, President Obama identified protecting computer networks in the private and public sectors as a national security priority. But bureaucratic infighting among law enforcement and intelligence agencies and disagreements with business interests about the role of government in controlling the Internet delayed naming a White House cyber-security "czar."
In December, Obama appointed Howard Schmidt, a former chief security executive at Microsoft with 31 years' experience in law enforcement and the military, to the post.
How to protect the nation's cyber infrastructure, largely in private sector hands, from alleged state-sponsored attacks has become a matter of intensifying debate in Washington, analysts say.
The U.S. has no formal policy for dealing with such attacks. Renewed attention could help shape policy and smooth passage of legislation, analysts said.
"This highlights a core dilemma for the U.S. cyber strategy," Mulvenon said. "What can the U.S. government do to defend Google? Really not very much."
Times staff writer W.J. Hennigan contributed to this report.