A new approach to China

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

We launched in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer



由Google高级副总裁、公司发展兼首席法律顾问大卫•多姆德(David Drummond)执笔的官方博文“新的中国策略”(A new approach to China)指出,Google业务系统遭受到来自中国有针对性的攻击,导致知识产权被盗,Google在2006年进入中国,是为了让中国人能够在更加开放的互联网中获取信息,基于这种理念,Google可以容忍部分审查,但Google会密切注视中国新的法律对Google服务的限制情况,现在Google已经确认,Google已经到了重新考虑评估中国业务运营可行性的时候了。


看来,中国的互联网环境之恶劣,连国际互联网巨头Google都无法忍受了,Google的这个决定首次对中国的互联网政策说了声“不”。如果未来Google真的撤出中国,不仅仅Google会损失掉中国的业务,中国自身的经济发展也会受到冲击,国际形象会有负面影响,对于广大依靠Google AdSense业务生存的个人网站来说也是致命一击,中国的个人网站可能真的要走向灭亡了。



附录:读者Jason Liu翻译的Google官方博客文章:新的中国策略 (A new approach to China)



第二.我们有证据显示这些黑客的主要目标是获取中国人权活动家(Chinese human rigths activists)们的gmail账号信息.调查显示这些黑客并没有达到他们的目的。只有两个账户似乎被侵入,但是仅得到了账户的一般信息(比如说账户 是何时建立的)和邮件的标题,并没有得到邮件的内容。


我们已经通过这次攻击所收集到的信息对我们的架构做出了修正以提升google和 我们用户的安全。对于个人用户来说,我们推荐用户安装知名的杀毒软件和反间谍程序,为自己的操作系统打上最新的补丁,升级自己的浏览器,始终小心处理im 和email中的链接,在网络上被要求告知个人信息比如密码时保持警惕。你可以通过这里获取我们关于网络安全的建议。希望了解关于这些网络攻击的种类的人 可以阅读这份美国政府报告(pdf), Nart Villeneuve 的blog 还有这份这份关于ghostnet间谍事件的介绍(wiki上有介绍,跟咱中国又有关系).

我们已经采取了非常规的手段--与广大的相关人士交流这次攻击的信息,这样做不仅仅是因为这次事件中我们发掘出来的安全和人权问题,更重要的是这件事的 核心其实是全世界关于言论自由的讨论.在过去的20年中,中国的经济改革和人民的商业头脑使中国数以亿计的中国人脱离了贫困.在当今世界,这个巨大的国家 是整个世界经济发展的中心。




David Drummond, 企业发展部高级副总裁 首席法务官



< <上一篇