谷
歌(Google)表示正在评估公司中国业务运营的可行性,并可能完全退出中国市场。该公司透露,他们遭受了据信来自中国大陆的重大网络袭击。以下是由谷歌高级副总裁、公司发展兼首席法律顾问大卫•多姆德(David Drummond)执笔的官方博文。新的中国策略
就象其他许多知名组织一样,谷歌也会经常面临不同程度的网络袭击。在去年12月中旬,我们侦测到了一次来自中国、针对公司基础架构的高技术、有针对性的攻击,它导致我们的知识产权被窃。不过,事态很快变得明了,这个起初看似独立的安全事件(尽管很严重)其实背后大有不同。
ANDREW HARRER/BLOOMBERG NEWS
谷歌高级副总裁、公司发展兼首席法律顾问大卫•多姆德
第二,我们有证据显示,攻击者的首要目标是进入中国人权活动人士的Gmail账户。我们迄今为止的调查结果让我们相信,这些攻击没有达到预期目标。只有两个Gmail账户被进入,而且其活动仅限于帐户信息,比如帐户何时创建、以及邮件标题,具体邮件内容未被染指。
第三,在与谷歌受攻击无关的整体调查中,我们发现数十个在美国、中国及欧洲的中国人权活动人士Gmail帐户经常被第三方侵入。入侵这些帐户并非经由谷歌的任何安全漏洞,而很可能是通过在用户电脑上放置网络钓鱼或恶意软件。
我们已经运用从这些袭击中获得的信息改进了基础设施和网络结构,加大对公司和客户的安全保障。对个人用户而言,我们建议大家使用可靠的杀毒和反间谍软件,安装操作系统的补丁并升级网络浏览器。在点击即时信息和邮件中显示的链接、或被要求在网上提供诸如密码等个人信息时永远要保持警惕。你可以点击这里阅读谷歌提供的网络安全建议。希望更多了解此类袭击的人士可以阅读美国政府提供的报告、纳特•维伦纽夫(Nart Villeneuve)的博客以及有关间谍网络幽灵网(GhostNet)的报导。
我们采取了非常规手段与大家共享这些网络攻击信息,其原因并不只是我们发现了其中的安全和人权问题,而是因为这些信息直指言论自由这一全球更重大议题的核心。在过去20年中,中国的经济改革和中国人的创业精神让上亿中国人摆脱了贫困。事实上,这个伟大的国家是当今世界许多经济成就和发展的核心。
我们在2006年1月在中国推出了Google.cn,因为我们相信为中国人拓展信息获取、加大互联网开放的裨益超过了我们因在网络审查上做出让步而带来的不悦。当时我们明确表示,我们将在中国仔细监控搜索结果,并在服务中包括新的法律法规;如果我们认定自己无法实现上述目标,那么我们将不会犹豫重新考虑我们的中国策略。
这些攻击和攻击所揭示的监视行为,以及在过去一年试图进一步限制网络言论自由的行为使得谷歌得出这样一个结论,那就是我们应该评估中国业务运营的可行性。公司已经决定不愿再对Google.cn上的搜索结果进行内容审查,因此,未来几周,公司和中国政府将讨论在什么样的基础上我们能够在法律框架内运营未经过滤的搜索引擎,如果确有这种可能。我们认识到,这很可能意味着公司将不得不关闭Google.cn,以及我们在中国的办公室。
做出重新评估我们在华业务的决定是异常艰难的,而且我们知道这可能带来非常深远的影响。我们希望说明的一点是,该决定是由公司在美国的管理团队做出的,而为Google.cn今日成功而付出了无比巨大努力的中国团队对此毫不知情,也未曾参与。我们决心以负责任的方式来解决任何可能随之产生的难题。
David Drummond, 谷歌高级副总裁、公司发展兼首席法律顾问
Google said it is 'reviewing the feasibility of our business operations in China' and may back out of China entirely, as it disclosed it had been hit with major cyberattacks it believes to have originated from the country. The following was posted on the official Google blog by David Drummond, SVP, Corporate Development and Chief Legal Officer:
A new approach to China
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident-albeit a significant one-was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses-including the Internet, finance, technology, media and chemical sectors-have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident.
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that 'we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.'
These attacks and the surveillance they have uncovered-combined with the attempts over the past year to further limit free speech on the web-have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer
-0-
Copyright (c) 2010 Dow Jones & Company, Inc.
A new approach to China
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident-albeit a significant one-was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses-including the Internet, finance, technology, media and chemical sectors-have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident.
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that 'we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.'
These attacks and the surveillance they have uncovered-combined with the attempts over the past year to further limit free speech on the web-have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer
-0-
Copyright (c) 2010 Dow Jones & Company, Inc.
没有评论:
发表评论