A new approach to China
1/12/2010 03:00:00 PM Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident.
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."
These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer
中文翻譯如下:
與其他很多著名組織一樣,我們經常會碰到各種各樣的網絡攻擊。去年12月中旬,我們檢測到一次來自中國的,對我們集團網絡設備高度精密和有針對性的網絡攻擊,在此次攻擊中,谷歌公司的知識產權遭到竊取。我們很快就查清這並非只是一場單純的安全事件。
首先,此次攻擊並非僅僅針對谷歌。我們在調查中發現,至少有其他20家大型公司也成為了類似的攻擊目標,這些公司所在的行業分佈廣泛---包括互聯網、金融、科技、媒體和化工行業。我們目前正在通知這些公司,並與美國有關部門攜手展開調查。
第二,我們有證據表明攻擊者的主要目標是入侵中國人權活動者的Gmail郵箱賬戶。根據我們掌握的調查數據,我們確信他們的攻擊還未能達此目的。只有兩個Gmail賬戶有被侵入過的跡象,而入侵者的活動範圍也僅限於賬戶信息(如賬戶創建時的數據)和郵件主題,而不是郵件內容。
第三,我們在對谷歌案件的調查中發現,有很多擁護人權活動,註冊地在美國、中國和歐洲的Gmail郵箱賬戶似乎經常受到第三方侵入。入侵者並非是通過Google的安全漏洞進行攻擊,而極有可能是通過在用戶的電腦內植入釣魚網頁或是惡意軟件來達到目的。
我們已經利用從這次攻擊中所獲取的資料,改善基礎設施及架構,提高谷歌及我們用戶的安全。從個人用戶來說,我們我們建議他們在自己的電腦上安裝信譽好的反病毒和反間諜軟件程序,給他們的操作系統安裝補丁,並更新所使用的網絡瀏覽器。在點擊即時信息和電子郵件的鏈接時,或要求在線提供個人密碼等個人資料時,要保持警惕。在這裡,你能夠閱讀到更多我們所提出的關於電子安全方面的建議。如果希望獲得更多關於這種類型攻擊情況,請閱讀美國政府的這份報告(PDF)。
2006年1月,雖然我們對一些搜索結果將受到審查而感到不適,但為了加強與中國用戶的聯繫以及建立一個更為開放的互聯網環境,我們還是發布了Google.cn。從發布之日起我們就有著明確的運營思路---我們將仔細審視中國的運營環境,包括新法律的發布以及對我們所服務領域的其他規定。如果我們認為我們無法取得既定目標,我們將毫不猶豫的重新考慮我們在中國的發展策略。
這些未經報導的攻擊和監視,以及過去幾年來政府試圖進一步限制互聯網上的言論自由已使我們得出結論,我們應重新審視我們在中國的業務運營。我們已決定我們將不再繼續審查Google.cn上的搜索結果,且如有可能的話,未來幾週內我們將與中國政府就我們是否可以依法運營一個未經過濾的搜索引擎展開討論。我們認識到這可能意味著我們不得不關閉Google.cn,並有可能關閉我們設在中國的辦公部門。
沒有留言:
發佈留言