Wednesday, January 13, 2010

Google: A new approach to China

1/12/2010 03:00:00 PM

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer

Chinese translation

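Like other well-known large companies, we (Google) regularly face cyber attacks of varying degrees. In mid-December last year, we discovered that our corporate infrastructure had suffered a highly sophisticated and targeted attack originating from China, which resulted in the theft of some of Google's intellectual property. However, we soon found that this was not a simple security incident (albeit a significant one), but something with another purpose.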

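First, this attack was not aimed only at Google. Our investigation found that at least 20 other large companies were similarly attacked, spanning the Internet, finance, technology, media and chemical sectors. We have begun notifying these affected companies and are also cooperating with the relevant U.S. authorities in the investigation.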

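Second, we have evidence that the primary goal of these attacks was to obtain the Gmail accounts of Chinese human rights activists. Based on our investigation so far, we believe the attackers did not achieve this goal. They successfully broke into only two Gmail accounts, and access was limited to account information (such as the date the account was created) and subject lines; they did not access the content of the emails.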

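Third, during the investigation we also discovered (independently of the attack on Google) that the accounts of a number of Gmail users in the United States, China and Europe have been routinely accessed by outsiders, and all of these victims are connected with advocating human rights in China. These Gmail accounts were not compromised because Google's servers were breached, but most likely because malware was planted on the victims' computers or they fell for phishing scams.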

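We have already used this attack to strengthen our infrastructure and update our architecture, protecting the security of Google and its users. For individual users, we recommend installing reputable anti-virus and anti-spyware programs on your computer and regularly applying patches for your operating system and browser. Be careful when clicking links in instant messages or e-mail, and be even more alert when asked to fill in personal information (such as passwords). For our cyber-security recommendations, see here. If you want to learn more about attacks of this kind, see the U.S. government report (PDF), Nart Villeneuve's blog, and the report on the GhostNet surveillance incident.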

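We have deliberately made these attacks public not only because they involve security and human rights issues, but also because the matter goes directly to the core of the global debate over free speech. Over the past 20-plus years, China's economic reform programs and its people's entrepreneurial spirit have lifted large numbers of its people out of poverty. Indeed, this great nation continues to see high economic growth and development.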

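We launched Google.cn in January 2006. At the time, we believed that giving Chinese Internet users more channels for accessing information and a more open Internet outweighed our own unease about agreeing to censor some search results. We also stated very clearly at the time: "We will carefully monitor conditions in China, including new laws and restrictions related to our services. If we find that we cannot achieve the objectives above, we will not hesitate to reconsider our approach in China."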

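This attack and the surveillance discovered afterwards, together with China's intensifying attempts over the past year to restrict free speech on the Internet, have led us to conclude that it is time to review the feasibility of operating in China. We have decided to no longer cooperate in censoring search results on Google.cn, so over the coming weeks we will hold talks with the Chinese government to see whether we can lawfully offer a search engine without filtering. We are well aware that Google.cn may be shut down as a result, and that our offices in China may have to close as well.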

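Making this decision to re-examine our operations in China has been truly difficult, and we know it may have major repercussions. We want to state specifically that this matter was led by senior management at U.S. headquarters; our employees in China did not know about it beforehand and were not involved, and Google.cn owes its success today to them. We are committed to responsibly resolving the difficult issues described above.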

Posted by: David Drummond, Google Chief Legal Officer and SVP, Corporate Development

(Translation: 陳奭璁)

1 comment:

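  1. Google is only staying true to its original ideals by doing this. If search results in China have to be filtered to suit China, then honestly, all the original ideals I read about in the books about Google would be nothing but bullshit!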
