Google may pull out of China after cyberattacks

[Cees Binkhorst]

REPLY TO: D66 at nic.surfnet.nl

'break-ins ... not through a security breach' is vooral interessant ;)
En wat zouden ze bedoelen met: wel 'intellectual property' maar geen
'content of e-mails'?

- a “highly sophisticated and targeted attack” coming from China on its
infrastructure that resulted in some of its intellectual property being
stolen
- we have discovered that at least twenty other large companies from a
wide range of businesses -- including the Internet, finance, technology,
media and chemical sectors -- have been similarly targeted
- Those break-ins most likely happened as a result of phishing scams or
malware and not through a security breach
- only two Gmail accounts were accessed, and that only account
information and not the content of e-mails was accessed
- Gmail accounts of “dozens” of human rights advocates in the U.S.,
China and Europe have been “routinely accessed by third parties”
- We believe Google Apps and related customer data were not affected by
this incident

Ik houd het op een ordinaire publiciteitsstunt.
Die Google overigens tot in lengte der dagen parten zal spelen!
In de zin van 'kan geen winst meer maken ... breekt de pleuris uit'
Maar ook dat GMail zo lek als een mand zou zijn (is likely safe).

Groet / Cees

http://www.networkworld.com/news/2010/011210-google-may-pull-out-of.html
  Google may pull out of China after cyberattacks
Following attacks targeting Gmail accounts of human rights activists,
Google will stop censorship of Google.cn
By Nancy Gohring, IDG News Service
January 12, 2010 06:31 PM ET

Google has decided to stop censoring its results in China and could end
up closing its operations and shutting down its search engine there, the
company said Tuesday.

Biggest data breaches in past 12 months
The decision follows an attack on Google's servers in December that
targeted the Gmail accounts of Chinese human rights activists, Google
said in a blog post.

“These attacks and the surveillance they have uncovered -- combined with
the attempts over the past year to further limit free speech on the web
-- have led us to conclude that we should review the feasibility of our
business operations in China,” David Drummond, Google's chief legal
officer, wrote in the post.

In mid-December the company detected a “highly sophisticated and
targeted attack” coming from China on its infrastructure that resulted
in some of its intellectual property being stolen, Drummond wrote. He
didn't disclose exactly what had been stolen.

Google later discovered it was not the only company targeted. “As part
of our investigation we have discovered that at least twenty other large
companies from a wide range of businesses -- including the Internet,
finance, technology, media and chemical sectors -- have been similarly
targeted,” Drummond said.

Google said it is in the process of notifying those companies and also
working with U.S. authorities.

In addition, it found that the primary goal of the attacker seemed to be
accessing Gmail accounts of Chinese human rights activists. Drummond
said only two Gmail accounts were accessed, and that only account
information and not the content of e-mails was accessed.

But separately, Google found that Gmail accounts of “dozens” of human
rights advocates in the U.S., China and Europe have been “routinely
accessed by third parties,” Drummond wrote. Those break-ins most likely
happened as a result of phishing scams or malware and not through a
security breach, he said.

“We have taken the unusual step of sharing information about these
attacks with a broad audience not just because of the security and human
rights implications of what we have unearthed, but also because this
information goes to the heart of a much bigger global debate about
freedom of speech,” Drummond wrote.

Google, like many other technology companies, has come under fire for
bowing to censorship requirements imposed by the Chinese government.
Google has argued in the past that it is better for China if Google
operates any service there that increases access to information, even a
censored one.

But Drummond said Google has always pledged to monitor conditions in the
country and reconsider its approach if necessary. The company has now
decided to review the feasibility of its operations in China.

“We have decided we are no longer willing to continue censoring our
results on Google.cn, and so over the next few weeks we will be
discussing with the Chinese government the basis on which we could
operate an unfiltered search engine within the law, if at all. We
recognize that this may well mean having to shut down Google.cn, and
potentially our offices in China,” he wrote.

It would be a remarkable and unexpected turnaround for Google, which has
invested heavily in China to tap into its fast-growing Internet
population, which already outnumbers that of the U.S. and is growing fast.

It has, however, been a difficult road for Google, which has struggled
to win significant market share against Baidu.com. The Chinese search
leader accounted for nearly 70 percent of online searches in China late
last year, compared to about 20 percent for Google, according to China
IntelliConsulting.

Simultaneous with the disclosure of the hacking incident, Google’s
Enterprise division president sought to reassure corporate customers the
data they have stored in Google’s servers is likely safe.

“We believe Google Apps and related customer data were not affected by
this incident,” Google Enterprise President Dave Girouard wrote in an
official blog.

“This attack may understandably raise some questions, so we wanted to
take this opportunity to share some additional information and assure
you that Google is introducing additional security measures to help
ensure the safety of your data,” Girouard wrote, without being specific
about what Google will do differently.

The Center for Democracy and Technology praised Google’s decision to
reconsider its position in China.

“Google has taken a bold and difficult step for Internet freedom in
support of fundamental human rights. No company should be forced to
operate under government threat to its core values or to the rights and
safety of its users,” Leslie Harris, the CDT’s president, said in a
statement.

**********
Dit bericht is verzonden via de informele D66 discussielijst (D66 at nic.surfnet.nl).
Aanmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SUBSCRIBE D66 uwvoornaam uwachternaam
Afmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SIGNOFF D66
Het on-line archief is te vinden op: http://listserv.surfnet.nl/archives/d66.html
**********