Google has decided to stop censoring search results in China, after discovering that someone based in that country had attempted to hack into the e-mail accounts of human rights activists. The company disclosed the move in a startling announcement posted to its blog late Tuesday.
Google said it was prepared to pull its business out of China, if issues around the surveillance and its decision to stop censoring results could not be resolved with the Chinese government.
Although the company did not accuse the Chinese government of being behind the hack attacks, Google said that the attacks, combined with attempts by China over the last year to “further limit free speech on the web” led it to conclude that it needed to “review the feasibility of our business operations in China.”
The company decided it will no longer censor search results on Google.cn, which it had been doing as a concession to the Chinese government since 2006 in order to be able to operate in China. The company didn’t say when it would stop censoring material but stated that it would be discussing with Chinese authorities how it might continue to operate legally in China, if at all, with an unfiltered search engine.
“We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,” wrote David Drummond, Google’s chief legal officer and senior vice president for corporate development.
A source knowledgeable about the issue told Threat Level that the company is concerned about the repercussions of its decision on its employees in China. The source said the company timed its announcement for late Tuesday in the United States to come after the close of the stock market but also to coincide with early morning in China so that employees there would learn about what was happening before they arrived to work.
Google is “really concerned about their safety and feels that there is a very real possibility that they will be interrogated,” the source said. “They have been [interrogated] numerous times before, and this time they could be arrested and imprisoned.”
The search and advertising giant discovered in December that it was the target of a “highly sophisticated” cyberattack on its corporate infrastructure, which resulted in the theft of intellectual property. However, in investigating the incident, the company wrote on its blog, it soon realized the attack was something more than a simple security breach.
At least 20 other large companies were targeted as well, including other internet and technology companies as well as businesses in the financial, media and chemical sectors.
Google concluded that the primary goal of the attackers who targeted its network was to hack into the Gmail accounts of Chinese human rights activists. The attackers appeared, however, to succeed at obtaining access to only two accounts. That access was limited to basic account information, such as the date the account was created and the subject lines of e-mail, not the content of the correspondence. Google spokesman Gabriel Stricker told Threat Level that the company has already notified the owners of those accounts.
Stricker also told Threat Level that the company went public with the information as quickly as it could.
“We have been working hard to secure our systems, confirm the facts, and notify the relevant authorities,” he said.
The source who is knowledgeable about the investigation, however, told Threat Level that Google’s decision to disclose the attack on Tuesday was also partly due to a decision made by the other targeted companies to keep the attack under wraps.
“They made a specific decision not to go public,” the source said. “You can either go out [with the information] or not, and for whatever reason, they’ve decided not to [disclose].”
He said Google felt it was important to alert the people who are potentially affected by the attack — the activist community.
Shortly after Google disclosed the hack, Adobe posted its own announcement, disclosing that it became aware Jan. 2 that it had been targeted in a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”
Adobe wrote that it currently had no evidence to indicate that any sensitive information — belonging to customers or the company — had been compromised.
The source familiar with the investigation told Threat Level that the intellectual property the hackers obtained from Google was not data that would give them a business advantage over the company, but data that would help the hackers gain access to the activist accounts.
The source said that Google was able to determine definitively that the attack originated in China, and that the attack was sophisticated in a way that Google does not generally experience.
Google is “under attack all the time, primarily via unsophisticated channels,” the source said. “I can’t go into detail to demonstrate the level of sophistication, but [the company] doesn’t use that term lightly, and it is quite deliberate.”
The source added that the implications of the attack are “extremely dark and extremely disturbing.”
“This is truly, truly beyond the pale,” he said. “The political nature of this and the attempt to monitor activists, not only in China but out of it, is chilling.”
In a separate investigation, the company said it discovered that the Gmail accounts of dozens of human rights advocates in the United States, China and Europe were accessed by third parties. These breaches, however, appeared to be the result of phishing attacks targeted at the users with the aim of stealing their account login credentials.
The company said it’s made changes to its architecture to enhance the security of accounts, but also advised users to take precautions to protect themselves, such as being cautious when clicking on links in e-mails and instant messages.
Google launched its Chinese-language search engine, Google.cn, in January 2006. The company said at the time that it did so in the belief that a search engine would help open access to information for Chinese residents. To obtain permission to operate in China, however, the company had agreed to censor search results that the Chinese government deemed objectionable. Google was harshly criticized by civil liberties groups for its concession to Chinese authorities.
The company now appears to be regretting that decision.
“We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech,” Drummond wrote Tuesday about the company’s reversal of its position in China. “The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences.”
The Center for Democracy and Technology expressed strong support for Google’s move.
“Google has taken a bold and difficult step for internet freedom in support of fundamental human rights,” CDT president Leslie Harris said in a statement. “Google has done the right thing in bringing to light the human rights risks it faces, and leaving its door open to discussing with China whether there is a basis for operating in an uncensored manner. ”