导读:传言要退出中国的谷歌在互联网上像一个点燃的火药桶一样爆炸了,它的消息盖过了与此同时发生的海地地震的消息,为什么谷歌要退出中国?山东省张宁互联网研究中心创始人张宁通过一系列追根溯源,同时了解了一些内幕后得出了结论:中国互联网容不得任何外国侵犯它的利益,只要干了侵犯政府“利益”的事情,就百分之百要被政府给Over!下面是谷歌CLO(首席法律官)兼副总裁David Drummond在谷歌官方博客(http://googleblog.blogspot.com,很可惜,被我们伟大的祖国给GFW了)发布的题为《A new approach to China》(《对待中国的新策略》)一文,从中我们能读出的是Google没有本事还是中国互联网的悲哀?希望你有自己的体会。
——山东省张宁互联网研究中心 创始人 张宁
原文:
A new approach to China
1/12/2010 03:00:00 PM
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.
We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."
These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer
译文:
对待中国的新策略
2010年1月12日 15:00:00
和许多其他著名组织类似,我们每天都会面对持续不断、程度不同的网络攻击。去年12月中旬,我们发现许多来自中国的针对我们公司许多基础设施的非常复杂,并且有针对性的攻击,并窃取了一部分属于公司的智慧财产。然而,我们很快地意识到,这些起初被认为是单纯的安全事件——尽管很严重——完全是另外一回事。
首先,这些袭击的对象并不仅仅是Google。作为我们调查的一部分,我们发现,至少有20多家企业——其业务范围广泛——包括互联网,金融,技术,媒体和化工等领域——也都成为了攻击目标。我们目前还在通知这些公司的过程中,我们也与美国有关当局的工作。
第二,我们有证据表明,攻击者的主要目的之一是访问的中国人权活动家的Gmail帐户。根据我们到目前为止的调查,我们确信他们的进攻并没有达成这一目标。只有两个Gmail帐户似乎已被访问,而这些活动也仅限于帐户信息(如帐户的创建日期)和主题行,而不是具体的电子邮件内容。
第三,独立于针对谷歌攻击的调查显示,有几十个位于美国、中国和欧洲的、倡导中国人权的Gmail用户的账户经常会被第三方访问。 这些帐户目前还没有被通过任何Google的安全漏洞访问过,但这些用户的电脑上很可能已经存在钓鱼或恶意软件。
通过对这次袭击所进行的调查所获得的信息,我们已经对我们的基础设施和架构进行了改进,以改善Google和我们的用户的安全性。在个人用户方面,我们会建议人们在电脑上部署知名反病毒和反间谍软件程序,安装操作系统补丁,并更新其网络浏览器。在使用即时消息和电子邮件时应保持警惕,特别是在点击其中的链接或输入个人信息如密码的时候。您可以看这里了解我们的网络安全的建议。如果想要了解这些类型的攻击更可以阅读这份美国政府的报告(PDF格式), 纳尔特维伦纽夫的博客以及这里对GhostNet间谍事件的介绍。
我们已采取非同寻常的步骤来和广大的受众共享这些攻击的信息,不只是因为我们所发掘的对安全和人权的影响,而且还因为这些信息关系到了一个更大的关于全球言论自由辩论的核心。在过去二十年里,中国的经济改革计划和公民的企业精神已经使亿万中华儿女脱离了贫困。事实上,这个伟大的国家处在现代快速经济进步和发展的核心。
我们在2006年1月推出Google.cn,基于这样的信念,让中国人民更容易接触到信息以及一个更加开放的互联网的益处超过了同意审查某些结果所引起的不适。当时,我们明确表示,“我们将密切注视中国的情况,包括新的法律和其他对我们服务的限制。如果我们确定无法达到这些既定的目标,我们将毫不犹豫地重新考虑对中国的策略。”
这些袭击以及通过它们发现的监视行为–结合在过去一年进一步限制网上言论自由的企图–使我们得出这样的结论:我们应该重新考虑在中国业务的可行性。我们已经决定,我们不再愿意继续在Google.cn审查过滤搜索结果,所以在未来的几周里,我们将与中国政府讨论可以在法律范围内运作的未经过滤的搜索引擎的基础,如果有可能的话。 我们认识到,这很可能意味着必须关闭Google.cn,并有可能关闭我们在中国的办事处。
决定重新考虑我们的中国业务是一个艰难的决定。我们知道这将可能有深远的影响。我们要明确的是,这一举措是由我们美国的管理人员在那些努力工作成就Google.cn今天成功的中国员工并不知情或参与的情况下作出的。我们正致力于负责任地解决所导致的困难问题。
发布者:大卫德鲁蒙德,高级副总裁,企业发展和首席法律官