Google vs. China
The below are verbatim text from Google’s blog concerning the attacks made by the Chinese government against their servers. As far as I know this is a first for GadgetMeter, but the topic is important enough that I don’t think it’s fair to condense it.Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different. First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities. Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves. Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers. We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People interested wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve’s blog and this presentation on the GhostNet spying incident. We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today. We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.” These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China. The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised. Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer
And here’s another post:Many corporations and consumers regularly come under cyber attack, and Google is no exception. We recently detected a cyber attack targeting our infrastructure and that of at least 20 other publicly listed companies. This incident was particularly notable for its high degree of sophistication. We believe Google Apps and related customer data were not affected by this incident. Please read more about our public response on the Official Google Blog. This attack may understandably raise some questions, so we wanted to take this opportunity to share some additional information and assure you that Google is introducing additional security measures to help ensure the safety of your data. This was not an assault on cloud computing. It was an attack on the technology infrastructure of major corporations in sectors as diverse as finance, technology, media, and chemical. The route the attackers used was malicious software used to infect personal computers. Any computer connected to the Internet can fall victim to such attacks. While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure. While any company can be subject to such an attack, those who use our cloud services benefit from our data security capabilities. At Google, we invest massive amounts of time and money in security. Nothing is more important to us. Our response to this attack shows that we are dedicated to protecting the businesses and users who have entrusted us with their sensitive email and document information. We are telling you this because we are committed to transparency, accountability, and maintaining your trust. Posted by Dave Girouard, President, Google Enterprise
When Google first went into China and agreed to filter their results per the requirements of the Chinese government, I wasn’t terribly outraged. In fact, I thought that most of the people raising a stink were being, frankly, self-centered and self-righteous. If a Chinese company were to come into the US and pay their workers lower than minimum wage and ignore US laws concerning health, welfare, environment, etc, we’d be all over them. But because Google was following Chinese law, they were seen as being traitors to the idea of democracy and the US Constitution. Last I checked, the Chinese didn’t ever agree to the Constitution. Google couldn’t be faulted for following the rules of the country they’re operating in.
This, however, is different. Basically, China is giving a big F*** Y** to any company that wants to do business inside their borders, and it’s a big enough reaming that every company rushing to build a presence in that country needs to seriously think about whether or not it’s worth it. It wasn’t just Google – as their post states, it was a variety of financial, media, Internet, and chemical sector companies.
Here’s the thing about China. They DON’T CARE what you think. The government is concerned with one thing and one thing only and that’s staying in power. If that means providing what looks like a market economy, then they’ll do it. But don’t ever lose sight of the fact that it’s NOT a market economy. If you create something incredibly valuable in China, copyright or no, patent or no, agreement or no, THEY WILL TAKE IT FROM YOU. Whether they do it by “accidentally” releasing sensitive information to a government-associated company or by looking the other way when a Chinese company steals your secrets, the end result is that nothing you create in China will be yours. Period.
And the sad thing is that the US can’t do a damn thing about it because we are owned heart and soul by the Chinese government. Who do you think is giving us the money to bail out our economy and the Wall Street banks? It’s certainly not coming from US savers. It’s really hard to yell at someone to whom you owe trillions of dollars. And it’s even harder for them to actually hear you talk about human rights in one ear when you’re yelling “please give us more money” in the other.