We are going on hour 12… What will Google do? It certainly is an interesting question. If you haven’t seen the 300 stories on the Internet, Google has threatened to withdraw from the Chinese market amid concerns of security of their systems, theft of intellectual property, and censorship.
I have to admit this story is very compelling as a security researcher, and as a Google user. Senior Vice President David Drummond made several interesting points in his blog including a concern about theft of Google’s intellectual property. They have not disclosed any details as to what was stolen.
There was a lot of controversy in 2006 when Google established google.cn around their world famous slogan “Don’t be evil”. They in fact testified before the U.S. House of Representatives with their plan for self-censorship that would still provide unprecedented detailed information to the 300+ million internet users in China. It was an ambitious plan and an enormous market opportunity.
Some have showed little sympathy for Google turning their own slogan against them. They say if Google had held true to its virtues it would not have agreed to the censorship to begin with… Just desserts if you will.
Some are reporting that the exploit in Adobe’s Reader software that was patched yesterday was the likely avenue the attackers used to plant their malware on Google’s systems. Without some disclosure from Google it is difficult to tell. Either way, be sure to patch your Reader software, as this patch is known to have been exploited in the wild for some time.
It is unclear how Google feels about its withdrawal from China will protect them from further espionage or attacks. As they point out themselves, all of these computers are connected to the internet. An organization as large as Google will inevitably have an occasional security lapse and it seems unlikely that exiting the Chinese market will prevent them from being a continued target.
It is always difficult to prove that any particular event is related to state-sponsored hacking. It is clear that Google feels it has very strong evidence that this is the case or it would not disclose publicly such an attack. As recently as September 2009 Google’s Eric Schmidt was quoted as saying “China has 5,000 years of history and Google has 5,000 years of patience when it comes to China. We are in this for the long term.” The dramatic change in stance could signal a trend for other companies who were allegedly victimized by the same attackers.