Google announced on Tuesday that the Internet giant is considering exiting the Chinese market after sophisticated online attacks targeted its systems to breach the Gmail accounts of pro-democracy activists.
In a post to its blog, the company stated that an investigation into an attack against the Gmail accounts of pro-democracy activists turned up evidence of a much broader assault against Google's systems. The attack -- first noticed in mid-December and considered "highly sophisticated and targeted" -- resulted in the "theft of intellectual property," the company stated. It's unclear from the statement whether the two Gmail accounts accessed by attackers constituted intellectual property.
As a result of the investigation's conclusions, Google intends to stop filtering its results in the Chinese market and open up a debate with the government to discuss its business, David Drummond, chief legal officer for Google, said in the blog post.
"These attacks and the surveillance they have uncovered -- combined with the attempts over the past year to further limit free speech on the web -- have led us to conclude that we should review the feasibility of our business operations in China," Drummond said. "We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."
Google is not the only company to suffer these recent attacks. At least 20 other companies were also targeted, Google stated. A report in the Wall Street Journal put the number as high as 34 firms. On Tuesday, Adobe posted a notice to its own Web site confirming that the company had also detected attacks against its systems.
"Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies," the company stated. "We are currently in contact with other companies and are investigating the incident."
An Adobe spokesperson did not confirm whether the attacks came from China or were related to Google's announcement.
While other companies have not yet come forward, Google decided to publicize the attacks "not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech," Google's Drummond said.
In addition to the two Gmail accounts accessed through targeted attacks, Google's investigation also revealed the widespread access to other Gmail accounts of other activists Chinese human rights, apparently using valid credentials, suggesting that the usernames and passwords were obtained through phishing attacks.
In making the announcement, Google's U.S.-based executives attempted to shield their employees in China.
"The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences," Drummond stated. "We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today."
If you have tips or insights on this topic, please contact SecurityFocus.
UPDATE: The original article was updated with a comment, or lack thereof, from Adobe's spokesperson.
Posted by: Robert Lemos