Attacks/Breaches
1/12/2010
07:36 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Ends Censorship In China

Targeted cyber attacks from China on corporate data of at least 20 public companies and efforts to steal data about human rights advocates have prompted Google to re-evaluate its cooperation with Chinese censors.

Google said on Tuesday that it will no longer censor search results on Google.cn, a decision likely to end the company's presence in China.

Google's decision comes after it detected a highly sophisticated cyber attack on its corporate infrastructure last month that resulted in the theft of Google's intellectual property. Details about the theft were not disclosed.

David Drummond, SVP of corporate development at Google and the company's chief legal officer, said in a blog post that Google's internal investigation revealed at least twenty other large companies had also been attacked.

"[W]e have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists," said Drummond. "Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of e-mails themselves."

As a result of its investigation, Drummond said, Google also discovered that "the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties." He emphasized that this was not due to a security failure on Google's part. Rather, these users appear to have had their passwords compromised through phishing scams or malware on their computers.

As a consequence of these attacks, Google has come to believe that it can no longer continue censoring Google.cn, as directed by the Chinese government.

"These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the Web--have led us to conclude that we should review the feasibility of our business operations in China," Drummond said. "We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."

Financially, Google's revenue from China is not material to its overall revenue.

Google's decision was immediately hailed by rights groups, many of which have questioned whether the company's decision in 2006 to cooperate with Chinese censors violated its "Don't be evil" motto.

"Google has taken a bold and difficult step for Internet freedom in support of fundamental human rights," said Leslie Harris, president of the Center for Democracy & Technology, in an e-mailed statement. "No company should be forced to operate under government threat to its core values or to the rights and safety of its users. We support Google for being willing to engage in this very difficult process."

Google's decision recalls the stand it took against the U.S. government, which sought the company's search data in 2005 and 2006 to support its ultimately failed effort to uphold the Child Online Protection Act.

"This is a very big step that Google is taking, that is to make public these kinds of cyber attacks," said Sharon Hom, executive director of Human Rights In China. Such attacks, she said, are not news to the the human rights communities and NGOs, which have long been targeted with phishing, malware, and denial of service attacks. "For Google to make public what they have discovered is highly significant," she added. "It's a wake up call to the international business community about the real risks of operating in China."

Hom said that how China reacts to Google's decision will send a very strong message to the business community about their future prospects in China.

Dave Girouard, president of Google's Enterprise group, in a separate blog post stressed that these attacks should not shake faith in cloud computing.

"At Google, we invest massive amounts of time and money in security," he said. "Nothing is more important to us. Our response to this attack shows that we are dedicated to protecting the businesses and users who have entrusted us with their sensitive email and document information. We are telling you this because we are committed to transparency, accountability, and maintaining your trust."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.