图片来源@Unsplash,基于CC0协议!
A new approach to China 在中国的新路线
1/12/2010 03:00:00 PM
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit asignificant one--was something quite different.
与许多知名公司一样,我们经常会面对不同烈度的网络攻击。在12月中旬,我们发现了来自中国的精心策划的针对google公司基础设施的网络攻击,并造成了公司的知识财产失窃。然后,很快,我们就发现,此次攻击与以往单独的网络安全事件完全不同。
First,this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a widerange of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
首先,该次网络攻击并非单独针对google。根据我们的调查,至少有20多家各行各业的大公司遭遇了类似的攻击,遍布金融,科技,媒体和化学工业。目前,我们正与美国相关部门一起处理上述攻击。
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Onlytwo Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account wascreated) and subject line, rather than the content of emails themselves.
其次,有证据显示,该项攻击的主要目的是窃取部分gmail账号的邮件内容,这些邮箱属于中国人权运动的组织者们。根据我们的调查,这些攻击并未得手。仅有2个gmail账号被非法进入,但仅获得了账号信息(如账户何时创建)和邮件标题栏,邮件的正文内容并未泄露。
Third,as part of this investigation but independent of the attack on Google,we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These account shave not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users′ computers.
第三,在此次调查中,我们意外的发现,数十个中国,美国,欧洲的gmail账户的邮件内容长期被第三方非法侵入,这些账号属于中国人权运动的支持者们。这些邮件内容的泄露并非是Gmail存在安全漏洞,而是用户的电脑被嵌入了钓鱼程序或其他恶意程序。
We have already used information gained from this attack to make in frastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs ontheir computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn moreabout these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve′s blog and this presentation on the GhostNet spying incident.
我们已经修补了此次网络攻击所发现的安全问题,并改进了基础系统架构。对于个人用户,我们建议在本地电脑上安装知名的杀毒和反间谍软件,安装操作系统的补丁并升级网页浏览器。同时,不要随意点击即时信息和邮件中的超链接,也不要在网上传递密码等个人信息。如需更多建议,您可以在此搜索关于网络安全的建议。如果希望深入了解此类攻击,请阅读美国政府的相关报告和Nart Villeneuve的报告。
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human right simplications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China′s economic reform programs and its citizens′ entrepreneurial flair have lifted hundredsof millions of Chinese people out of poverty. Indeed, this great nationis at the heart of much economic progress and development in the world today.
我们已经启动了特别程序在最大范围内通知此次网络攻击的相关方,不仅是因为安全和人权的问题,更重要的是这些信息已经深度涉及了一个更大的议题:言论自由。在过去的20年,中国的经济发展和公民的企业家天赋帮助成百上千万的中国公民脱离了贫困。毫无疑问,这个伟大的国家占据了今天世界经济发展的核心。
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censorsome results. At the time we made clear that "we will carefully monitor conditions in China, including new lawsand other restrictions on our services. If we determine that we areunable to achieve the objectives outlined we will not hesitate toreconsider our approach to China."
我们在2006年1月发布了Google.cn,是因为我们确信通过一个更加开放的互联网来接触不断增长的信息对中国人民的帮助要远超过Google公司因搜索结果被审查而产生的不快。在那时,我们就已经非常明确的表示:我们将认真关注中国的监管要求,包括新的法律法规和其他与Google服务相关的限制条件。如果我们确信无法达到这些要求的话,我们将立刻重新审视进入中国市场的决定。
These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next fewweeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, ifat all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
上述攻击和监管,特别是过去数年内一系列限制网络言论自由的行为,使得我们得出结论:我们应当重新考虑google在中国进行商业运营的可行性。我们已经决定,在Google.cn上将不再过滤搜索结果;在未来的数周内,我们将与中国政府讨论在何种基础上,我们可以在法律范围内提供未过滤的搜索服务,如果还可以的话。我们充分认识到这也许将意味着我们不得不关闭Google.cn和我们在中国的办事处。
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success itis today. We are committed to working responsibly to resolve the very difficult issues raised.
重新审视我们在大陆的商业运作是一个异常艰难的决定。我们也了解这也许将带来长远的不良后果。我们只是希望再次申明,此项动议由我们美国总部的管理层所推动,与中国的Google员工无关。感谢他们为Google.cn在中国成功运营所付出的卓越努力。我们将以负责任的态度努力去解决因此产生的各项时艰。
Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer
David Drummond发表,公司首席法务官