“In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google,” said David Drummond, chief legal officer for Google.
A primary goal of the attackers was to pilfer the accounts of activists in China, but Drummond said that the hackers had been largely unsuccessful. They managed to access the subject lines of emails in two accounts, along with basic information such as the date that the account was created.
However, dozens of human rights advocates from the US, China, and Europe have had their Gmail accounts accessed by third parties, Drummond warned. These victims were not targeted by hacking Google’s servers, but probably through social engineering attacks such as phishing, or client-based malware, he said.
Google, which set up its Chinese operation four years ago in January 2006, said at the time that it was willing to endure censorship of its results in the interest of spreading information more widely. It pledged to carefully monitor conditions in the country.
“We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all,” said Drummond. “We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.”
China’s leading search engine is called Baidu, and was coincidentally also the target of an attack, it was revealed this week. The search engine was reportedly the target of a group claiming to be the ‘Iranian cyber army’. The attack, which involved defacing the Baidu site, mirrored an attack on Twitter late last year.
The attack on Google extended to other companies’ servers, Dummond said: “We have discovered that at least twenty other large companies from a wide range of businesses – including the internet, finance, technology, media and chemical sectors – have been similarly targeted.”
Adobe is in the process of investigating an attack on its servers, the firm said.
Jeffrey Carr, an expert on cyberwarfare and the co-ordinator of the Gray Goose project, which used open source techniques to analyze cyberwarfare data, questioned Google’s motives. He argued that it should also shut down its operations in Russia. “Surely you’ll be re-thinking your interest in ‘gaining a bigger piece of the Russian search market’ because the FSB uses your search engine to gather information on people of interest that oppose Medvedev and Putin,” he mused on his blog.