Tuesday, January 12, 2010

Brave new world: China attacks Google

Based on the phrasing and response, it's clear that Google believes this attack was launched by parties working for the government of China. We can also assume that the "relevant US authorities" (FBI) agree with them. I wonder if the targeted companies used software with similar vulnerabilities.
Official Google Blog: A new approach to China

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves...

... We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
This may be the end of Google's services in China. We should expect their share price to fall in the morning. Google's "evil score" has now dropped to the lowest possible level for a public corporation.

Update 1/13/10: There's a lot of commentary this morning, including comparisons to how the USSR hobbled itself by shutting out access to world knowledge. I'm wondering if Google's increasingly powerful and ubiquitous machine translation services played a precipitating role. Language has been the cultural equivalent of the Himalayas - preserving China from cultural invasion. I suspect the Chinese government is very concerned about widespread direct unmediated access to English language materials.
My Google Reader Shared items (feed)

No comments: