Wednesday, January 13, 2010

Google, Under Cyber Attack From China, Aims to Stop Censoring Its Results in the Country

Google in a blog post has stated that they have been part of a cyber attack:

In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident – albeit a significant one – was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses – including the Internet, finance, technology, media and chemical sectors – have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective.

Google says this issue relates to another – their role in China:

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”

These attacks and the surveillance they have uncovered – combined with the attempts over the past year to further limit free speech on the web – have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

That particular blog post, as the rest of Google’s Blogger and Blogspot, is not normally accessible from China (conditions may vary depending on the particular region or city). The censorship is not limited to Blogger. YouTube, sometimes Google News, very often result bits of Google Images disappear when accessed from China. Users in China can still use google.com, though, unless there appears a blocked URL (like blogspot.com) when you click on a result; if Google would pull out google.cn, google.com could still be used as fallback provided it will not get permanently blocked.

Blocks aren’t limited to Google, either: Friendfeed, Twitter, Facebook and many other sites are blocked too. And blocks may not be merely motivated by issues relating to free speech; I don’t know, they may also be intended to push local internet companies over foreign ones. Every day that YouTube is blocked due to this digital trade barrier, local video sites are in advantage to gain more market share than they might in equal competition.

Now why would a cyber attack against a company make that company reevaluate its relationship with a government or its role in a country? One possible explanation could be that Google suspects the Chinese government to be somehow involved in the attacks. If so, and that is just speculation, then Google might find it even more difficult to continue to work together with the same authorities when it comes to accepting censorship lists for their Chinese search results (lists which include human rights watch organizations, too). If that is one of the reason for Google’s reevaluation, it remains unspoken in Google’s blog post. When CNBC asked Google’s David Drummond in an interview, “Can you verify... that the cyber attacks were government based?”, David answered: “I want to be very careful here and be very clear. We’re not saying, one way or the other, whether these attacks were state-sponsored or done with any approval of the state. We can’t speculate on that at this point. What we do know is that they were highly organized, and we believe that the attacker came from China, and we know that political dissidents and people interested in human rights in China were clearly targeted here.”

As another speculative reason, Google now fighting for an uncensored Google.cn could have been part of the original plan, too: first, get into the market and find a relevant amount of users; second, potentially use that user base leverage for discussions about free speech issues.

Besides the attacks against Gmail users, I wonder how the mentioned intellectual property theft weighs in on these issues. Does Google now feel it is very risky for them to have offices in China – as they could be infiltrated – influencing how they look at the whole situation? Some users at Reddit, in the meantime, think that Google made a self-interested business decision, while others congratulate them on their move and say it was based on moral principles.

Now, Google in their blog post emphasizes their latest strategy reevaluation came from the US, not from Chinese employees. An anonymous source “knowledgeable about the issue” told Wired’s Threat Level in relation to Google’s Chinese employees that Google is “really concerned about their safety and feels that there is a very real possibility that they will be interrogated ... They have been [interrogated] numerous times before, and this time they could be arrested and imprisoned.” Wired also mentions that their source told them that other companies who were under attack wanted to keep the issue secret. “They made a specific decision not to go public”, the source told Wired, but the source indicated that “Google felt it was important to alert the people who are potentially affected by the attack – the activist community.”

In other news, with perhaps a relation, Google has announced they’re now making Gmail use https by default (previously, you had to opt-in to this setting).

[Thanks DPic!]

Google, Under Cyber Attac ... by Philipp Lenssen | Comments (23+52)

>> More posts

Advertisement