1/12/2010 03:00:00 PM

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer

附录：读者Jason Liu翻译的Google官方博客文章：A new approach to China

像 很多知名的公 司一样,我们每天都在遭受着或多或少不同程度的网络攻击.在12月中旬,我们监测到了一个从中国来的对google网络基础架构的高智能的目标明确的攻 击，其目的是为了盗取google的技术资源.这个一开始被我们仅仅当成是一个重大安全事故的独立事件其实是另有来头的.

第一,这次攻击不仅仅针对google.我们的调查显示至少有20家大的公司，行业领域包括互联网,金融，科技，传媒，化工，都遭受了相似的攻击。我们正在通知这些公司，而且我们正在与美国相关领域的专家进行合作.

第 二.我们有证据显示这些黑客的主要目标是获取中国人权活动家(Chinese human rigths activists)们的gmail账号信息.调查显示这些黑客并没有达到他们的目的。只有两个账户似乎被侵入，但是仅得到了账户的一般信息(比如说账户 是何时建立的)和邮件的标题，并没有得到邮件的内容。

第三,作为这次调查的另一部分，我们发现很多个在中国,美国，欧 洲致力于中国人权发展的用户的gmail账户经常被第三方人士查阅.这些第三方人士并不是通过google的安全漏洞来获取gmail信息的,而是通过网 络钓鱼和在用户的计算机上运行恶意软件的方法来获取用户的gmail邮件信息.

我们已经通过这次攻击所收集到的信息对 我们的架构做出了修正以提升google和我们用户的安全。对于个人用户来说，我们推荐用户安装知名的杀毒软件和反间谍程序，为自己的操作系统打上最新的 补丁，升级自己的浏览器，始终小心处理im和email中的链接,在网络上被要求告知个人信息比如密码时保持警惕。你可以通过这里获取我们关于网络安全的 建议。希望了解关于这些网络攻击的种类的人可以阅读这份美国政府报告(pdf)， Nart Villeneuve 的blog 还有这份这份关于ghostnet间谍事件的介绍(wiki上有介绍,跟咱中国又有关系).

我 们已经采取了非常规的手段–与广大的相关人士交流这次攻击的信息，这样做不仅仅是因为这次事件中我们发掘出来的安全和人权问题,更重要的是这件事的 核心其实是全世界关于言论自由的讨论.在过去的20年中,中国的经济改革和人民的商业头脑使中国数以亿计的中国人脱离了贫困.在当今世界，这个巨大的国家 是整个世界经济发展的中心。

我们在2006年的1月成立了google中国。我们相信与我们必须忍受中国政府的某些内容审查而遭受到的不快相比，无疑让中国人接触到更多的信息和创造一个更加开放的互联网络是更为重要的事情。在当时我们确定了“我们将一直小心关注中国的情况，包括新出台的法律和其他政策制度对我们服务的限制。如果我们认为我们没有能力达到我们提出的目标(指创建一个更加开放的互联网络)，我们将会毫不犹豫的考虑是否撤出中国市场”。

这 些攻击和审查，同时考虑到这些年对网络上子自由言论的限制，让我们觉得我们应该重新审视我们在中国业务的可行性.我们不愿意再继续忍受对我们 google.cn上内容的审查，接下来的几个星期内我们将会与中国政府讨论有关我们是否能够在法律允许的范围内运行一个没有审查和过滤的搜索引擎的可能 性。如果失败的话,这久可能意味着我们将要关闭google.cn，以及google中国。

做出这样一个决定是非常困难的一件事，而且我们明白这将会造成深远的后果。有一点要说清楚，这样的决策是由在美国的主管人员们所做出的，并没有到目前为止辛勤工作使google中国如此成功的中国部分员工的参与。我们将会负责任的解决这个棘手的问题。

David Drummond， 企业发展部高级副总裁 首席法务官