A new approach to China
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident.
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."
These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
【附】文学城快讯:
http://news.wenxuecity.com/messages/201001/news-gb2312-991812.html
据国外媒体报道,谷歌在其官方博客上宣布,该公司不愿再对其中国版搜索引擎Google.cn的搜索结果进行审查,并承认这项决定可能意味着Google.cn将不得不关闭,可能连谷歌驻中国的办事处也会关闭。
谷歌(Google Inc.)表示正在评估公司中国业务运营的可行性,并可能完全退出中国市场,因为该公司透露,他们遭受了据信来自中国大陆的重大网络袭击。
谷歌周二在一份博客文章中表达了上述想法。谷歌在博文中称,去年12月中旬,他们侦测到一次来自中国、针对公司基础架构的高技术、有针对性的攻击,这次攻击导致其知识产权被盗。
该博文说,谷歌相信攻击者的目标是进入中国人权活动人士的Gmail账户,但似乎只有两个Gmail账户被进入。
由谷歌首席法律顾问大卫·多姆德(David Drummond)执笔的这篇博文称,这些攻击、攻击所揭示的监视行为,以及在过去一年试图进一步限制网络言论自由的行为使得谷歌得出这样一个结论,那就是我们应该评估中国业务运营的可行性。
多姆德写道,公司已经决定不愿再审查我们在Google.cn上的搜索结果,因此,如果可能,公司将在未来几周公司和中国政府讨论在什么样的基础上我们能够在法律框架内运营未经过滤的搜索引擎。我们承认这很可能意味着公司将不得不关闭Google.cn,以及我们在中国的办公室。
谷歌在同意审查其搜索结果的情况下于2006年推出了中文搜索引擎Google.cn。