Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident.
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."
These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
Posted by David Drummond, Senior Vice President, Corporate Development and Chief Legal Officer