If this is accurate, it is quite a story. A sophisticated, large-scale cyber-attack from within China is causing Google to overhaul its Chinese operations and possibly stop censoring the search results on google.cn. The story has everything – human rights, censorship, America’s leading brand, cybercrime, intrigue and an unprecedentedly open statement from Google.
You can read a good summary of the breaking story over here.
Google is releasing information about a “highly sophisticated and targeted attack” on their corporate infrastructure that occurred last month. The attack originated in China and resulted in the “theft of intellectual property from Google.” In light of the attack Google is making sweeping changes to its Chinese operations.
Google is releasing some information about these attacks to the public. The company says that a minimal amount of user information was compromised, but has come to the alarming conclusion that the attacks were targeting the information of Chinese human rights activists. Google found that these attacks were not just going after Google’s data, but were also targeting at least twenty other major companies spanning sectors including Internet, finance, chemicals, and more. Google has also discovered that phishing attacks have been used to compromise the Gmail accounts of Chinese human rights activists around the world.
In light of the attacks, and after attempts by the Chinese government to further restrict free speech on the web, Google has decided it will deploy a fully uncensored version of its search engine in China.
At first I didn’t believe it. Then I saw it from the horse’s mouth, Google’s own blog:
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”
These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
This is kind of slapdash; I wasn’t supposed to be blogging today as I’m on deadline. But this story is totally unbelievable, off the charts.
Thanks to the reader who alerted me to this.
Update – From the NYT
Google threatened late Tuesday to pull out of its operations in China after it said it had uncovered a massive cyber attack on its computers that originated there….
Google said that a primary goal of the attackers was accessing the Gmail accounts of Chinese human right activists, but that the attack also targeted 20 other large companies in the finance, technology, media and chemical sectors.
In a blog posting by David Drummond, the corporate development and chief legal officer, Google said that it had found a “highly sophisticated and targeted attack on our corporate infrastructure originating from China.”
“These attacks and the surveillance they have uncovered — combined with the attempts over the past year to further limit free speech on the web — have led us to conclude that we should review the feasibility of our business operations in China,” Mr. Drummond wrote in a blog post.
He wrote that Google was no longer willing to censor results on its Chinese-language search engine and would discuss with Chinese authorities whether it could operate an uncensored search engine in that country.
“We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,” Mr. Drummond wrote, adding that the decision was being driven by executives in the United States, “without the knowledge or involvement of our employees in China.”
Yeah, a very big story. I’m waiting for the conspiracy theorists who claim this is google’s creative strategy for exiting China, where things never went quite the way they expected, while making them look like the victim instead of the loser. (And no, I don’t necessarily believe that. I just know how the minds of some of my more strident commenters work. Being a PR guy, it was the first thing that crossed my mind when I heard the story – I couldn’t help it.)
Update 2: The Wall Street Journal is featuring this as their top story today, and they state:
Much of the data stolen from Google was its “core source code,” Mr. Mulvenon [director of a national security firm] said. “If you have the source code, you can potentially figure out how to do Google hacks that get all kinds of interesting data.” Among the data, would be the information needed to identify security flaws in Google’s systems, he said.
The attackers used at least seven different types of attack code to identify and steal data from Google, said Rafal Rohozinski, a principal at the SecDev Group, a Canadian security consulting firm that discovered a major Chinese spying operation on the Dalai Lama last year.
I bring this up because it calls to mind a comment I left in the earlier thread:
[D]on’t fool yourself about google. They may let you download a song for free. Would they hand you the source code for their search algorithm? No, because then they wouldn’t be Google anymore. They’d just be one of a trillions of other companies offering the same thing.
This was in response to a commenter praising Google for not caring about intellectual property and being a proponent of open-source technology (you can actually do both – be a proponent of open source and value IP). Obviously Google does care about IP, a lot – as it must. Its core source code is its bread and butter.
Post updated at 8:24pm Arizona time. Is it all a PR stunt?
Richard Burger is the author of Behind the Red Door: Sex in China, an exploration of China's sexual revolution and its clash with traditional Chinese values.