更多有关于 “ Google ” 的文章，请点击这里。
A new approach to China
January 12, 2010
2010 年 1 月 12 日
Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
如同很多其他广为人知的组织一样，我们经常遭受到不同程度的网络攻击。在 2009 年 12 月中旬，我们探测到了一次目标非常明确，复杂程度很高的攻击，这次攻击来自中国，针对的是 Google 公司的基础设施，攻击窃取了 Google 公司的一些信息。但是，我们很快就发现事情并非想象中那么简单，这绝不是一起单纯的安全事件 —— 尽管已经相当严重 —— 这是一件完全不同的事情。
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
首先，这次攻击所针对的不仅仅是 Google 。在调查过程中我们发现，还有至少 20 家大型公司遭到类似的攻击，涉及互联网，金融，技术，传媒以及化学领域。我们正在通知这些公司，同时我们也在和相关美国政府机构合作。
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
第二，我们有证据表明攻击者的主要目的是企图访问 “ 中人国权活人动士 ” 的 Gmail 帐户。基于我们现在的调查，我们确信攻击者没有达到目的。只有 2 个 Gmail 帐户看起来被访问过，而且被访问的仅仅是帐户信息（比如帐户创建日期）以及邮件标题行，邮件的内容并没有被访问。
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.
第三，作为调查的一部分，但与本次针对 Google 的攻击无关，我们发现有第三方在定期的访问美国、中国、欧洲的许多 “ 人持权支者 ” 的 Gmail 帐户。对这些帐户的访问并不是通过 Google 认可的方式，大多是通过钓鱼欺诈手段，以及位于用户电脑中的恶意软件进行。
We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this Report to Congress (PDF) by the U.S.-China Economic and Security Review Commission (see p. 163-), as well as a related analysis (PDF) prepared for the Commission, Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.
我们已经利用从这次攻击中获取的信息来改进我们的基础设施和架构，以提高安全性。对于用户来说，我们建议大家使用专业的防毒和防间谍程序软件，及时安装操作系统补丁，并及时更新网络浏览器。要谨慎点击即时消息和邮件中插入的链接，并提防公开个人信息的请求。可以通过阅读这里来了解网络安全建议。如果想多了解这类攻击，可以阅读美国政府的报告，NartVilleneuve 的博客，以及这份关于 GhostNet 间谍事件的演示文档。
We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.
我们已经采取非常措施来广泛的共享这次攻击的信息，并不仅仅出于安全和 “ 认权 ” 方面的原因，更因为这些信息关系到一个全球性的话题 —— “ 言自论由 ” 。在过去的二十年中，中国的经济改革以及中国人在经济方面的才能使得亿万中国人摆脱了贫穷。的确，这个伟大的国家位于今日世界经济发展的核心。
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”
我们在 2006 年 1 月启动了 Google.cn ，我们希望为中国人民提供更好的信息访问能力以及一个更开放的互联网，为了这个目标，我们愿意承受搜索结果审查给我们带来的不快。那时候，我们已经表明了一个观点，那就是 “ 我们会谨慎的考量中国的环境，包括新的法规以及其他对于我们服务的限制。如果我们确定无法达到我们规划的目标，我们将毫不犹豫的重新考虑在中国的策略。”
These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
前文提到的攻击和监视，以及在过去一年中企图进一步限制网络言论自由的行为，已经促使我们重新考量在中国展开我们业务的可行性。我们已经决定不再继续审查 Google.cn 的搜索结果，所以在接下来的几周内，我们将与中国政府讨论在什么条件下才能允许我们提供一个不用过滤的合法的搜索引擎，如果这种搜索引擎存在的话。我们意识到这很大程度上意味着我们将关闭 Google.cn ，并可能关闭我们在中国的机构。
The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.
做出重新考量我们在中国的商业运作的决定非常艰难，而且我们意识到这将导致深远的结果。我们想澄清一点，即这个决定是由 Google 美国总部做出，与我们在中国的雇员无关，Google.cn 取得今日的成功与中国雇员的辛勤工作密不可分。我们将努力解决这个非常棘手的事件。
Update: Added a link to another referenced report in paragraph 5.
Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer
- 《 Google Official Blog : Testimony : The Internet in China（谷歌官方博客：听证会证词：中国的互联网）》
- 《 Google Official Blog : A new approach to China（谷歌官方博客：针对中国的新策略）》
- 《 Google Official Blog : A new approach to China : an update（谷歌官方博客：针对中国的新策略：更新）》
- 《 Google Official Blog : Next steps in cyber security awareness（谷歌官方博客：网络安全意识的下一步）》