From the Official Google Blog for those who can’t access the blog from China:
A new approach to China
1/12/2010 03:00:00 PMLike many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.
We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”
These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer
中文翻译:
像许多其他著名组织一样,谷歌也经常面临不同程度的黑客攻击.12月中旬,我们侦测到一个针对企业基础设施的高度复杂和有目标的攻击.这次攻击源自中国,并导致谷歌的知识财产被窃取.但是,不久后我们发现起初貌似仅仅只是次安全事故(尽管很重大)的这次攻击,其实大有不同.
首先,这次攻击不仅仅是针对谷歌.作为调查的一部分,我们发现至少20家其他各行业(包括互联网,财经,技术,媒体和化学等行业)的大型公司也类似地成为攻击目标.我们目前正在告知这些公司,并与相关美国政府机构合作.
第二,我们有证据显示袭击者的首要目标是进入中国人权活动家的Gmail帐号.根据目前的调查我们相信他们的攻击并未达成这个目标.只有2个Gmail帐号被攻入,但活动仅限于帐号信息(比如何时创建的Gmail帐号)和邮件标题栏,而邮件内容本身是安全的.
第三,作为本次调查中与谷歌被袭无关的部分,我们发现若干美国,中国和欧洲的倡导中国人权的Gmail用户的帐号经常性地被第三方访问.这些账户并未因谷歌的安全漏洞被进入,更可能通过钓鱼诈骗或在用户电脑上安插恶意软件实现.
我们利用从这次攻击中收集到的信息进行基础设施和竞购性的改进以加强谷歌和谷歌用户的安全.
我们采取非同寻常的措施:与广大受众分享有关近期袭击的信息.因为我们发掘出事件的安全和人权方面的意义,也因为这些信息直指全球范围内关于言论自由辩论的核心.过去20年,中国的经济改革和中国公民的企业家才能帮数亿中国人走出贫困.这个伟大的国家的确是当今世界经济发展进步的中心.
为中国人民增加接触信息途径和一个更开放的互联网带来的益处压倒了我们对删减搜索结果的不适,带着这个信念,我们在2006年1月开办了Google.cn.当时我们澄清”我们会小心监察中国的状况,包括新的法律和其他对我们服务的限制.如果我们认定我们无法达成实现勾勒出的目标,我们会毫不犹豫地重新考虑进入中国的方式.”
近日的袭击和这些袭击所暴露的监视行为,以及和过去一年里进一步限制网上自由言论的努力,使我们做出结论:我们应该重新审视我们在华业务的可行性.我们决定我们不再自愿删减Google.cn的搜索结果,未来几周我们会和中国政府讨论在法律范围内我们以何种基础来经营一个未经过滤的搜索引擎,如果谷歌还在中国有搜索引擎业务的话.我们清楚这可能意味着不得不关闭Google.cn,还可能撤出在中国的办公室.
这个决定对我们异常艰难,我们清楚这决定意义深远.我们想要澄清这次行动由谷歌在美国的管理人员推动,谷歌在中国的雇员并无知晓和参与.他们用难以置信的努力使Google.cn成为今天的成功.我们将专注于负责任地解决这些棘手的问题.
First of all, I applaud Google’s decision to fight the Chinese government on the issue of search censorship; however, I don’t see China backing down on the censorship issue and I don’t see Google completely pulls its operations from China. It would be interesting to see how this plays out.
On a side note, this is just despicable:
The search term was Tiananmen (天安门) and the note at the end of the search page translates to: Due to local government regulations, some results are not shown.