Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
How it was different is that the targets of much of security breach were Chinese activists (read: people who prefer freedom over censorship) who had Gmail accounts. A quick summary of the main points of this new approach to China from Google is summed up like this.
- It wasn’t just Google who was targeted and hit. There were 20 other US companies and they are apparently in the process of sorting this out themselves.
- Google states: “We have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves. “
- There was routine third party access of Gmail accounts of human rights activists related to China who are based in China, US and Europe. This access is likely due to malware and phishing scams.
Google then recommends for folks to be up to date on their security for their computers and is careful to “play nice” with China by saying
In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today. They also point out that when they entered the Chinese market in 2006 they were doing it with a watchful eye.
So what’s the result of this?
These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
So Google makes a stand that says they are not going to censor their results and if there is no way to reconcile then they may need to move on. While the Chinese people are clearly in favor of Baidu as their engine of choice, if Google were to say that they will not do business in China what kind of pressure does that place on other companies to possibly isolate the biggest and fastest developing market in the world? This could get interesting.