A new approach to China(from Google blog)

[Alex Zhang]

A new approach to China

1/12/2010 03:00:00 PM

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.
像其他著名的组织一样，我们面临不同程度的网络攻击。在12月中旬，我们监测到了来自中国针对我们企业基础设施的高度复杂的攻击并，窃取了Google知识产权。但是，乍看起来单纯是安全事故的（尽管是很大的事故）时间并不是像它看起来的那样。

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
首先，攻击并不是针对Google的。我们的调查指出至少20个其他的包括互联网、财经、技术、媒体、化工等不同行业的大型企业也是攻击的目标。我们现在正在同志这些企业，并且我们也和美利坚合众国的相关部门协同工作。

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
其次，我们有证据指出攻击者的主要目标是存取中国人权活动家的Gmail账户。根据我们的调查结果，我们相信攻击者并没有得逞。似乎只有两个Gmail账户被存取，并且存取的对象也仅限于帐户信息（比如创建日期）以及主题。电子邮件的内容并美i有泄漏。

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
第三，作为与Google被攻击无关的调查的一部分，我们发现十几个美国，中国和欧洲的推进中国人权的Gmail用户的账户似乎被第三方机械的存取。这些账户并不是通过Google的安全漏洞存取的，看起来好像是钓鱼邮件或者是用户计算机上的恶意软件干的。

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident.
我 们已经将这次入侵收集到的信息修补了Google的基础构架并加强了Google以及用户的安全措施。对于用户来说，我们建议他们在计算机上使用知名杀毒 软件以及防间谍软件并安装操作系统补丁、升级浏览器以加强安全性。在打开电子邮件/即时消息包含的链接时或者分享个人资料（比如密码）时总是多加小心。你 可以在这里看看更多的网络安全建议。这类攻击的详细信息可以通过阅读美国政府报告 (PDF)， Nart Villeneuve's blog以及有关GhostNet间谍事件的这个演讲。

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
我 们已经采取非同寻常的措施向大众分享这次攻击的信息。这并不仅仅因为我们发现它有关安全或者人权问题，更重要的是这些信息已经成为了更大的全球性的关于言 论自由的中心。在过去的20年内，中国的经济改革以及他的人民的经济头脑已经让百万中国人走出贫穷。毫无疑问，这个伟大的国家已经是当今世界经济增长以及 发展的中心。

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."
尽管我们对妥协审查搜索结果感到不适，但为了造福于中国人民，创建一个更加开放的网络环境并加强与他们的联系，我们在2006年1月启动了 Google.cn。在那个时我们明确了“我们将认真的监督中国的情况，包括与我们的服务有关的新法律法规与政策。如果我们认为我们已经不能达到目标，我们将毫不犹豫的重新考虑我们的中国策略。”

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
这 些没有报道的攻击和入侵以及（政府）最近几年的进一步限制网络言论自由的尝试迫使使我们作出一个结论，那就是我们应该重新评估我们在中国的商业操作。我们 已经作出决定，不再审查Google.cn的搜索结果。接下来的几周，如果可能，我们将和中国当局就在法律内运营不过滤的搜索引擎进行谈判。我们已经认识 到这可能以为这我们将必须关闭Google.cn，甚至我们的中国办公室。

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
重新评估我们的中国商业计划非常困难，而且我们知道这将可能导致深远的后果。我们要明确的指出这是在美国的执行官作出的决定，和中国的员工无关。他们已经通过不可想象的努力得到了Google.cn今天的成功。我们将负责任地解决这导致的相当困难的问题。

Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer
由高级副总裁、企业发展及首席法律官David Drummond发布。

translated by Alex Zhang

+------------------------------------
|Alex Zhang(Difan)
|eMbedded Linux & Chemistry
|College of Chemistry & Environment
|Qingdao University
+------------------------------------

OpenSource Qingdao University
http://qdu.ac.cn/
Blog
http://difan.org.cn/

[Huston Bokinsky]

Many thanks, Alex.

--
You received this message because you are subscribed to the Google Groups "Qingdao Linux Users Group" group.
To post to this group, send email to qd...@googlegroups.com.
To unsubscribe from this group, send email to qdlug+un...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/qdlug?hl=en.