Google: We may pull out of China

[DKT27]

Google: We may pull out of China

Google no longer intends to censor search results in China, and if the Chinese government balks, it may take its servers and go home.

The stunning change in Google's policy toward doing business in China--which was always a complicated dance--came after Google discovered that it and other businesses were the victims of "a highly sophisticated and targeted attack" aimed at gathering information about human rights activists. It is not clear whether the Chinese government was behind the attacks, which Google said in a blog post were also directed against other U.S. companies.

Adobe Systems later confirmed its involvement in the attacks with a statement.

"Adobe became aware on January 2, 2010, of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies. We are currently in contact with other companies and are investigating the incident. At this time, we have no evidence to indicate that any sensitive information--including customer, financial, employee or any other sensitive data--has been compromised."

Google released a lengthy blog post Tuesday afternoon authored by David Drummond, senior vice president of corporate development and chief legal officer, discussing the decision to review its policy toward China.

"These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the Web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."

Google entered China in 2006 with the launch of Google.cn. It knew at the time that it would be forced to censor search results in accordance with the policies of the Chinese government. But it figured it could live up to its famous "don't be evil" pledge without passing up the business opportunity in the fast-growing Chinese market by simply notifying Web searchers that their results had been censored due to local laws.

However, in practice that has been a tricky balance between Google's desire to spread information around the world and the Chinese government's desire to limit the amount of information available on sensitive topics, such as the Tiananmen Square massacre in 1989. The Chinese government is believed to issue very vague guidelines as to what type of content is permitted, and what is not. The end result is that many Internet companies in China censor far more than the government would actually deem offensive.

"We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."

--David Drummond, Google chief legal officer

Google did not say exactly which human-rights activists were targeted by the attack, nor would it comment on whether or not it believed the Chinese government was behind the attacks. The attackers were unable to obtain the contents of Gmail messages written by two human-rights activists in China, but they were able to access account information and the subject lines of an unspecified number of e-mails.

In addition, Google said it determined that someone was able to gain access to the accounts of several Gmail users who were human rights activists, which the company said was due to phishing schemes rather than a security breach at Google.

An industry source familiar with Google's investigation described the incidents over the past several months as "the straw that broke the camel's back," as far as Google's presence in China was concerned. Google is expected to meet with Chinese government officials over the next several weeks to discuss whether or not it will be permitted to offer an uncensored search engine.

A cash machine in other parts of the world, Google has struggled to replicate that success in China. The Baidu search engine is as dominant in China as Google is in the rest of the world, and Google trails it in China by a significant margin. According to ComScore, Baidu led the Chinese search market with 63 percent of searches in September 2009.

Kai-Fu Lee, the subject of a fierce courtroom battle between Microsoft and Google over his acceptance of a job running Google's China operations, left the company last year to start his own business.

Representatives for Microsoft and Yahoo did not immediately respond to inquiries regarding whether their policies regarding search in China would change as the result of Google's decision. A U.S. representative for Baidu also did not return a call seeking comment on Google's intention to offer an uncensored search engine in China.

Source - CNET

[nsane.forums]

Google.cn may be nearing its life.

View: Original Article

[Bizarre™]

I guess nobody can blame Google if they decide to pull out of China.

[DKT27]

I fully support google in this.

Their govt. sucks in human rights matter. I would also support MS and Yahoo who, I heard, are also planning to leave China.

[jalaffa]

Google also has some very good business reasons to exit China at this time. As the distant number two player to dominant Baidu Inc., which according to comScore Inc. has 62.2% of the Chinese Internet search market, it is not exactly risking a lot. Google had a 14.1% stake in November, comScore said.

And there is another reason. Google needs to protect its own intellectual property. Google said last week's cyber attack on its corporate systems was "highly sophisticated and targeted," originated from China and "resulted in the theft of intellectual property from Google."

Clearly, it does not want to face continued risk to its systems or its own intellectual property. At least 20 other companies systems were also attacked, it said.

Wall Street analysts estimate that China's contribution to Google's revenue are in the $200 million range for 2009, with forecasts of about $300 million coming from China in 2010. That may sound like a decent chunk of revenue, but to Google it is a drop in the bucket, a mere 1% or so of overall revenue, estimated to reach $17.5 billion in 2009.

source (marketwatch)

[DKT27]

Thanx for the article Jalaffa. There was a strong reason I chose to post it in Security & Privacy News over other sections. ;)

[Toshiro]

Attack could be linked to similar incident last year involving around 100 Silicon Valley firms, says iDefense

More details have emerged on the Google hack which has prompted the firm to threaten to pull out of China, including evidence linking the attack to a similar hack on 100 Silicon Valley firms last year, and the possibility that Adobe's corporate network has also been hacked by China.

Google's chief legal officer, David Drummond, explained in a blog posting yesterday that the firm and at least 20 other companies had been the subject of a "highly sophisticated and targeted attack".

The ultimate goal of the attack on Google's systems, according to Drummond, was to access the Gmail accounts of Chinese human rights activists.

Although the blog posting falls short of accusing the Chinese government outright, VeriSign's iDefense managed security services arm has confirmed that state-sponsored parties were to blame.

"Two independent, anonymous iDefense sources in the defence contracting and intelligence consulting community confirmed that both the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof," said an iDefense statement.

IDefense, which undertakes intelligence work with many government and Fortune 500 clients, goes on to say that the attack has similar characteristics to an email-based attack in July last year which targeted around 100 Silicon Valley firms.

Despite code samples for both being different, "they contact two similar hosts for command-and-control communication", the firm said.

The servers used in both attacks point to IP addresses owned by the same US-based hosting company, Linode, and are just six IP addresses apart from each other, according to iDefense.

"Considering this proximity, it is possible that the two attacks are one and the same, and that the organisations targeted in the Silicon Valley attacks have been compromised since July," the firm added.

There have also been rumours that Adobe has been targeted by state-sponsored Chinese hackers after stating in a blog post that it became aware two weeks ago of "a co-ordinated attack against corporate network systems managed by Adobe and other companies".

"We are currently in contact with other companies and are investigating the incident," noted the posting.

"At this time, we have no evidence to indicate that any sensitive information, including customer, financial, employee or any other sensitive data, has been compromised. We anticipate that the full investigation will take quite some time to complete."

An Adobe spokeswoman said that the company had no additional comment to make.

Mikko Hyppönen, chief research officer at security vendor F-Secure, speculated on the firm's blog that somebody may have been "trying to gain access to [Adobe's] development systems in order to find out new vulnerabilities for future attacks".

Adobe yesterday fixed a zero-day flaw in its Acrobat and Reader software which has been actively exploited in the wild over the past month or so, although there is no hard evidence yet to suggest that this flaw was exploited as part of the Google attack.

View: Original Article

[DKT27]

McAfee: China attackers exploited new IE hole

A new, unpatched vulnerability in Internet Explorer was exploited in the China-based attacks on Google and other companies, antivirus firm McAfee said on Thursday.

Microsoft was expected to release an advisory on the previously undisclosed hole on Thursday, McAfee spokesman Joris Evers told CNET.

A Microsoft spokesman released this statement when asked for comment: "Microsoft is investigating these reports and will provide more information when it is available."

McAfee notified Microsoft of the zero-day hole in the last few days, Evers said. The vulnerability involves the way IE handles JavaScript, he said.

IE is vulnerable on all of Microsoft's recent operating system releases, including Windows 7, McAfee CTO George Kurtz wrote in a blog post.

"As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property," Kurtz wrote. "These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That's when the exploitation takes place, using the vulnerability in Microsoft's Internet Explorer."

Once it is downloaded and installed, the malware opens a back door that allows the attacker to gain complete control over the compromised system and "perform reconnaissance," Kurtz said. "The attacker can now identify high value targets and start to siphon off valuable data from the company," he wrote.

Many targeted attacks involve a "cocktail" of zero-day vulnerabilities combined with social engineering, he said. "So there very well may be other attack vectors that are not known to us at this time," he wrote.

Initially, security researchers investigating the attacks believed that a hole in Adobe Reader was a culprit, but Adobe has said that it has no evidence to suggest that a vulnerability in its technology was an attack vector.

Google disclosed the attacks targeting it and other U.S. companies on Tuesday and said Gmail users who were human rights activists also were targeted.

Source code was stolen from some of the more than 30 Silicon Valley companies targeted in the attack, sources said. Adobe has confirmed that it was targeted by an attack, and sources have said Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical also were targets.

McAfee believes the internal name attackers gave to the operation was "Aurora" based on the file path on the attacker's machine that was included in two malware files that McAfee has analyzed, according to Kurtz.

"That file path is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine of the developer," he wrote.

Wired initially reported the IE hole earlier on Thursday, citing an unnamed source.

Source - CNET

[DKT27]

U.S. plans formal complaint over Google attacks

The U.S. government plans to ask China for a formal explanation regarding the cyberattacks against Google and other U.S. companies, according to a State Department spokesman.

Secretary of State Hillary Clinton had already hinted at such a move in a statement she released when Google first revealed the attacks. "We will be issuing a formal demarche to the Chinese government in Beijing on this issue in the coming days, probably early this week," AFP quoted State Department spokesman P.J. Crowley as saying during a briefing Friday.

Google's disclosure of attacks that are thought to involve more than 30 U.S. companies set off a firestorm in the diplomatic and security communities this week, tapping into growing frustration over trade and China within the U.S. government, according to the report. Google is also considering leaving China altogether unless it is allowed to offer an uncensored search engine, which is not very likely.

Secretary Clinton is expected to deliver "a major policy address on Internet freedom" next Thursday in Washington, D.C., which could be the setting for the introduction of a more comprehensive government policy on cyberattacks and censorship.

CNET

[Bizarre™]

I think China will just deny those allegations :rolleyes:

[DKT27]

IE exploit code released, Germany says use alternate browser

Exploit code for the zero-day hole in Internet Explorer linked to the China-based attacks on Google and other companies has been released on the Internet, McAfee said on Friday.

Meanwhile, the German federal security agency issued a statement on Friday urging its citizens to use an alternative browser to IE until a patch arrives.

McAfee researchers have seen references to the code on mailing lists and confirmed that it has been published on at least one Web site, McAfee Chief Technology Officer George Kurtz wrote in his blog. "The exploit code is the same code that McAfee Labs had been investigating and shared with Microsoft earlier this week," he said.

"The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability," Kurtz wrote. "The now public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems. Popular penetration testing tools are already being updated to include this exploit."

Microsoft issued a warning on Thursday about the new hole and said it was working on a patch. The vulnerability affects IE 6, 7 and 8 on all the modern versions of Windows, including Windows 7, according to Microsoft's advisory. Microsoft said IE 6 was the browser version being used on the computers that were targeted in the attacks.

Google disclosed the attacks targeting it and other U.S. companies on Tuesday and said the attacks originated in China. Human rights activists who use Gmail also were targeted, Google said.

The company said it discovered the attacks in mid-December and while it did not specifically implicate the Chinese government it says that as a result of the incidents, it may withdraw from doing business in China. Sources familiar with the attack code say the attacks are similar to previous attacks on U.S. corporations that were linked to the Chinese government or proxies operating for the government.

Source code was stolen from some of the more than 30 Silicon Valley companies targeted in the attack, sources said. Adobe has confirmed that it was targeted by an attack, and sources have said Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical also were targets.

McAfee says references in the IE-related attack code it analyzed indicate that the attackers called the operation "Aurora" and that the attack was extremely sophisticated.

Source - CNET

[Bizarre™]

Everyone should really try Firefox some time ^_^