1/12/2010 03:00:00 PM
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer

http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

Google’s change of heart over China raises wider issues, says regular commentator Bill Thompson.

Google has responded to what it terms “a highly sophisticated and targeted attack on our corporate infrastructure” aimed at getting access to the Gmail accounts of Chinese human rights activists by announcing its desire to stop censoring search results on its Google.cn website.

Writing on the official Google blog the company’s chief legal officer David Drummon says that “over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law”.

But there is clearly little expectation that this will be possible and Google has apparently decided that it will, if necessary, stop operating in China.

At the same time it has announced that all access to Gmail will now be over the more secure encrypted https protocol by default instead of the usual http standard that sends data as clear text.

It’s a move that is clearly being made in response to the hacking and makes a lot of sense.

The censorship goes back to January 2006 when Google launched its Chinese search engine to widespread criticism.

Building a service around the restrictions insisted upon by the Chinese government meant that searches for topics like Tiananmen brought up very different results when carried out in China, with no images of the student protests or their violent suppression coming up.

Rising pressure

The company defended its approach at the time, arguing that it was following local laws and that the benefits of bringing information - even censored information - to the people of China outweighed the need to hold to the corporate motto “don’t be evil”, because sometimes a little bit of evil was unavoidable.

It also made good business sense, of course.

Other Western search companies were already operating in China and local search engines were acquiring users in one of the fastest-growing internet markets in the world, a market that no western company could afford to ignore.

Google may believe its services are a force for good, but they are also, and must be, a force for profit too, even if they are free at the point of use.

Threatening to pull out of China is like threatening to spit on a whale Bill Thompson Google ‘may end China operations’

But now things have changed, and the attacks on Gmail accounts of human rights activitists seem to have tipped the scale back to the side of being good

Google now apparently recognises that its presence in China has not encouraged openness or built pressure on the authorities to reduce the degree of control and censorship and that its support for the current system may in fact have given it credibility.

Yet the attack on Gmail cannot have come as a surprise, and even though Google is careful not to accuse the authorities of direct involvement the implication is clear.

Groups such as Students for a Free Tibet are being hacked all the time, and the US government has acknowledged that China is a main origin of attempts to infiltrate and disrupt US government websites.

Of course liberal democracies do the same, passing laws like the US Patriot Act or our own Regulation of Investigatory Powers Act that legalise interception and provide a framework for spying and snooping.

Chinese attempts to break into the Gmail accounts of human rights activists are as legal as attempts by the UK secret service to infiltrate the e-mail accounts of religious extremists who are considered potential terrorists.

Google’s search results are filtered and censored here in the UK to take account of legal constraints such as laws against images of child abuse.

Google and other webmail providers also routinely provide access to customer data when the authorities require it under the law, both in the UK and elsewhere, and European ISPs are obliged to retain and turn over details of our online interactions if needed to investigate crime.

‘Wrong way’

Here in the UK, Peter Barron, former editor of BBC Newsnight and now Google UK’s head of communications, has been all over the media giving their side of the story.

I haven’t seen any response from Chinese government spokespeople, and doubt one will be forthcoming.

Google may be big news in the west, but the decision of one search engine provider to renege on its agreement to follow local laws and ask for an exemption is unlikely to merit a formal response.

Threatening to pull out of China is like threatening to spit on a whale. It may make Google feel better, but organisations working to open up China and change its policies know that threats are simply not going to work.

Perhaps the senior management team at Google are simply guilty of believing all the stories in the media that paint them as all-powerful and supremely important, or perhaps they just don’t know as much about real politics as they do about building better search or targeting adverts.

When Google went into China I wrote that it was making the right choice and that a policy of constructive engagement was the only effective way forward.

Even though it has clearly failed in this instance I still believe that we will only make progress if we talk to those with whom we disagree, and if we try at least to understand the complexities that face us as different cultures try to find ways to use the technologies that underpin the global internet.

Google’s approach is not the way to effect change.

Bill Thompson is an independent journalist and regular commentator on the BBC World Service programme Digital Planet. He is currently working with the BBC on its archive project.

from http://news.bbc.co.uk/2/hi/technology/8456622.stm