Like many other well-known organizations, we face cyber attacks ofvarying degrees on a regular basis. In mid-December, we detected ahighly sophisticated and targeted attack on our corporateinfrastructure originating from China that resulted in the theft ofintellectual property from Google. However, it soon became clear thatwhat at first appeared to be solely a security incident–albeit asignificant one–was something quite different.
First,this attack was not just on Google. As part of our investigation wehave discovered that at least twenty other large companies from a widerange of businesses–including the Internet, finance, technology, mediaand chemical sectors–have been similarly targeted. We are currently inthe process of notifying those companies, and we are also working withthe relevant U.S. authorities.
Second, we have evidence tosuggest that a primary goal of the attackers was accessing the Gmailaccounts of Chinese human rights activists. Based on our investigationto date we believe their attack did not achieve that objective. Onlytwo Gmail accounts appear to have been accessed, and that activity waslimited to account information (such as the date the account wascreated) and subject line, rather than the content of emails themselves.
Third,as part of this investigation but independent of the attack on Google,we have discovered that the accounts of dozens of U.S.-, China- andEurope-based Gmail users who are advocates of human rights in Chinaappear to have been routinely accessed by third parties. These accountshave not been accessed through any security breach at Google, but mostlikely via phishing scams or malware placed on the users’ computers.
Wehave already used information gained from this attack to makeinfrastructure and architectural improvements that enhance security forGoogle and for our users. In terms of individual users, we would advisepeople to deploy reputable anti-virus and anti-spyware programs ontheir computers, to install patches for their operating systems and toupdate their web browsers. Always be cautious when clicking on linksappearing in instant messages and emails, or when asked to sharepersonal information like passwords online. You can read more hereabout our cyber-security recommendations. People wanting to learn moreabout these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.
Wehave taken the unusual step of sharing information about these attackswith a broad audience not just because of the security and human rightsimplications of what we have unearthed, but also because thisinformation goes to the heart of a much bigger global debate aboutfreedom of speech. In the last two decades, China’s economic reformprograms and its citizens’ entrepreneurial flair have lifted hundredsof millions of Chinese people out of poverty. Indeed, this great nationis at the heart of much economic progress and development in the worldtoday.
We launched Google.cn in January 2006 in the belief thatthe benefits of increased access to information for people in China anda more open Internet outweighed our discomfort in agreeing to censorsome results. At the time we made clearthat “we will carefully monitor conditions in China, including new lawsand other restrictions on our services. If we determine that we areunable to achieve the objectives outlined we will not hesitate toreconsider our approach to China.”
These attacks and thesurveillance they have uncovered–combined with the attempts over thepast year to further limit free speech on the web–have led us toconclude that we should review the feasibility of our businessoperations in China. We have decided we are no longer willing tocontinue censoring our results on Google.cn, and so over the next fewweeks we will be discussing with the Chinese government the basis onwhich we could operate an unfiltered search engine within the law, ifat all. We recognize that this may well mean having to shut downGoogle.cn, and potentially our offices in China.
The decision toreview our business operations in China has been incredibly hard, andwe know that it will have potentially far-reaching consequences. Wewant to make clear that this move was driven by our executives in theUnited States, without the knowledge or involvement of our employees inChina who have worked incredibly hard to make Google.cn the success itis today. We are committed to working responsibly to resolve the verydifficult issues raised.
Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer