Attacks/Breaches
1/12/2010
07:36 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Ends Censorship In China

Targeted cyber attacks from China on corporate data of at least 20 public companies and efforts to steal data about human rights advocates have prompted Google to re-evaluate its cooperation with Chinese censors.

Google said on Tuesday that it will no longer censor search results on Google.cn, a decision likely to end the company's presence in China.

Google's decision comes after it detected a highly sophisticated cyber attack on its corporate infrastructure last month that resulted in the theft of Google's intellectual property. Details about the theft were not disclosed.

David Drummond, SVP of corporate development at Google and the company's chief legal officer, said in a blog post that Google's internal investigation revealed at least twenty other large companies had also been attacked.

"[W]e have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists," said Drummond. "Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of e-mails themselves."

As a result of its investigation, Drummond said, Google also discovered that "the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties." He emphasized that this was not due to a security failure on Google's part. Rather, these users appear to have had their passwords compromised through phishing scams or malware on their computers.

As a consequence of these attacks, Google has come to believe that it can no longer continue censoring Google.cn, as directed by the Chinese government.

"These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the Web--have led us to conclude that we should review the feasibility of our business operations in China," Drummond said. "We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."

Financially, Google's revenue from China is not material to its overall revenue.

Google's decision was immediately hailed by rights groups, many of which have questioned whether the company's decision in 2006 to cooperate with Chinese censors violated its "Don't be evil" motto.

"Google has taken a bold and difficult step for Internet freedom in support of fundamental human rights," said Leslie Harris, president of the Center for Democracy & Technology, in an e-mailed statement. "No company should be forced to operate under government threat to its core values or to the rights and safety of its users. We support Google for being willing to engage in this very difficult process."

Google's decision recalls the stand it took against the U.S. government, which sought the company's search data in 2005 and 2006 to support its ultimately failed effort to uphold the Child Online Protection Act.

"This is a very big step that Google is taking, that is to make public these kinds of cyber attacks," said Sharon Hom, executive director of Human Rights In China. Such attacks, she said, are not news to the the human rights communities and NGOs, which have long been targeted with phishing, malware, and denial of service attacks. "For Google to make public what they have discovered is highly significant," she added. "It's a wake up call to the international business community about the real risks of operating in China."

Hom said that how China reacts to Google's decision will send a very strong message to the business community about their future prospects in China.

Dave Girouard, president of Google's Enterprise group, in a separate blog post stressed that these attacks should not shake faith in cloud computing.

"At Google, we invest massive amounts of time and money in security," he said. "Nothing is more important to us. Our response to this attack shows that we are dedicated to protecting the businesses and users who have entrusted us with their sensitive email and document information. We are telling you this because we are committed to transparency, accountability, and maintaining your trust."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2010-5075
Published: 2014-12-27
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.

CVE-2011-4720
Published: 2014-12-27
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.

CVE-2011-4722
Published: 2014-12-27
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.

CVE-2012-1203
Published: 2014-12-27
Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.

CVE-2012-1302
Published: 2014-12-27
Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.