Feeds

Google may exit China after 'highly targeted' attack

Activists hit in 20-company dragnet

Top 5 reasons to deploy VMware with Tegile

Updated Google plans to curb its controversial practice of censoring search results in China after uncovering a "highly sophisticated and targeted attack" designed to steal information about human rights activists from its Gmail service and at least 20 other large companies.

The attack that hit Google in mid-December originated in China and was aimed at accessing the Gmail accounts of human rights activists. Although only two email accounts appear to have been breached, "accounts of dozens of US-, China- and Europe-based Gmail users who are advocates of human rights in China" have been routinely breached, most likely as a result of phishing or malware attacks, the company said Tuesday.

The discovery came as Google uncovered similar attacks on at least 20 other companies in the financial, technology, media, and chemical industries. Adobe Systems issued a separate statement that reported it and and other companies had also come under attack. In light of the revelations, Google said it is considering shuttering its Chinese operations altogether.

"These attacks and the surveillance they have uncovered - combined with the attempts over the past year to further limit free speech on the web - have led us to conclude that we should review the feasibility of our business operations in China," Google's chief legal officer David Drummond wrote here. "We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all."

Drummond said Google has already used the investigation findings to introduce security improvements. The company is also in the process of sharing its findings with law enforcement authorities and the other targeted sites.

"We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech," Drummond wrote.

He didn't provide details about the two breached Gmail accounts except to say that "activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves." The names of the 20 large companies were also omitted.

Drummond's description of an industry-wide attack carried out from China is reminiscent of a warning issued two years ago by the MI5's director-general. In a letter sent in late 2007 to 300 UK chief executives and security chiefs, Jonathan Evans warned the leaders of British businesses to be on the lookout for state-sponsored Chinese hackers carrying out electronic surveillance attacks.

"This is highly likely to be much wider than even Google knows," said Alan Paller, director of research for the SANS Institute. "Two years is a long time in this business." According to The New York Times 34 companies, most of them high-technology companies in Silicon Valley, have been targeted in the attacks, which attempted to access source code repositories. The attackers used Taiwanese internet addresses, the paper reported, citing James Mulvenon, an expert on Chinese cyberwarfare capabilities.

Adobe, whose Acrobat and Reader apps are frequently targeted by attackers to install malware on the machines of its users said here that early this month it learned of a "computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies." While investigators have no indication customer, employee or financial data was accessed, it said a full accounting of the incident will "take quite some time to complete."

Adobe spokeswoman Wiebke Lips declined to elaborate or say whether the disclosure was related to Google's advisory. Adobe on Tuesday fixed a critical Reader vulnerability that was being narrowly targeted in an unusually sophisticated attack. The timing of Google's warning and the fixing of the Reader bug is already touching off speculation that at least some of the attacks exploited the Adobe flaw.

Lending credibility to that theory was a separate Google post that claimed the attack didn't target the companies' servers.

"The route the attackers used was malicious software used to infect personal computers," Dave Girouard, president of Google Enterprise, wrote. "Any computer connected to the Internet can fall victim to such attacks. While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure."

Google, whose corporate credo is "Don't be evil," entered the Chinese market in 2006 with the promise to censor search results that were objectionable to the country's government. The pledge has often stuck in the craw of free-speech advocates. While Google remains the uncontested search leader in most regions of the world, its share of the Chinese market is about 30 percent, less than half what Baidu has. ®

This story was updated throughout to add details about Adobe, attacks on other companies and market share.

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.