Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China."

These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer

中文翻译请用力地戳我

今天跟Emlary討論下在香港找工作的可能性。
我說，如果沒有香港戶籍的話，大陸人過去不過是個高質素的菲傭罷了。
畢竟我有朋友的例子。
朋友現在在大陸有職業醫師資格證書，按道理，職業醫師在香港最低的起薪應該是5萬/月。
但是我朋友沒有香港戶籍，自然沒有辦法申請香港職業醫師資格證，便只能拿著2萬的月薪。
他說只能熬滿七年，然後申請香港戶籍，再申請香港職業醫師證。
等於人一生中最好的七年就要耗在這無盡的等待上了。



最近的心情不是很好，不過該解決的事情已經解決完了。
事隔三年，終於是個了結了。
雖然我相信這對我並非什麽好事，但是如果再繼續下去，只會讓後面更難處理。
壯士斷腕的決心雖然我沒有，但是當斷則斷的心情還是有。
我不想在這裡吐槽某些人，只是我覺得有些事情既然涉及到我的專業操守，那我就還是專業點吧。

最近開始回歸重新寫小說了。

最近麒麟網實在是閑的慌，首先是首席運營官說感謝17173封殺《成吉思汗》。
其實炒作這件事嘛，商業手段而已。
只要不太下作，誰會在意呢？
畢竟搜狐跟麒麟網之間的恩怨實在不好說。
當年麒麟網從搜狐暢遊反水而出，結果《成吉思汗》與《天龍八部》之間的仿真度實在是非常高。
也難怪麒麟網會被搜狐起訴了。

當然最歡樂的事情，是今天午休時發生的一件事情。
今天《成吉思汗》的地推人員帶著一些宣傳物品硬闖17173辦公場所。
麒麟網地推人員給出的解釋，我們誤以為這裡是網吧。
當年北約炸南聯盟大使館的時候也說是誤會。
果然天下誤會很多。

不過最後事件以17173報警解決，相信今天稍晚時候17173與麒麟網都會有各自的新聞出來。
於是，淡定，喝茶，看戲。

---

Updata
麒麟網地推的區域經理來了。
不過我很佩服這個經理，居然當著警察的面主動挑釁。
於是，被帶走了。