{
	"id": "ecee62ba-51a3-42e4-b59a-bb05276a7485",
	"created_at": "2026-04-06T01:29:28.230661Z",
	"updated_at": "2026-04-10T13:12:26.54227Z",
	"deleted_at": null,
	"sha1_hash": "bcf5a00f264145d1f7eb0b975c551e1077183073",
	"title": "A new approach to China",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34440,
	"plain_text": "A new approach to China\r\nBy Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer\r\nPublished: 2010-01-12 · Archived: 2026-04-06 00:40:18 UTC\r\nLike many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from\r\nChina that resulted in the theft of intellectual property from Google. However, it soon became clear that what at\r\nfirst appeared to be solely a security incident--albeit a significant one--was something quite different.First, this\r\nattack was not just on Google. As part of our investigation we have discovered that at least twenty other large\r\ncompanies from a wide range of businesses--including the Internet, finance, technology, media and chemical\r\nsectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are\r\nalso working with the relevant U.S. authorities.Second, we have evidence to suggest that a primary goal of the\r\nattackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date\r\nwe believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and\r\nthat activity was limited to account information (such as the date the account was created) and subject line, rather\r\nthan the content of emails themselves.Third, as part of this investigation but independent of the attack on Google,\r\nwe have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates\r\nof human rights in China appear to have been routinely accessed by third parties. These accounts have not been\r\naccessed through any security breach at Google, but most likely via phishing scams or malware placed on the\r\nusers' computers.We have already used information gained from this attack to make infrastructure and\r\narchitectural improvements that enhance security for Google and for our users. In terms of individual users, we\r\nwould advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install\r\npatches for their operating systems and to update their web browsers. Always be cautious when clicking on links\r\nappearing in instant messages and emails, or when asked to share personal information like passwords online. You\r\ncan read more here about our cyber-security recommendations. People wanting to learn more about these kinds of\r\nattacks can read this Report to Congress (PDF) by the U.S.-China Economic and Security Review Commission\r\n(see p. 163-), as well as a related analysis (PDF) prepared for the Commission, Nart Villeneuve's blog and this\r\npresentation on the GhostNet spying incident.We have taken the unusual step of sharing information about these\r\nattacks with a broad audience not just because of the security and human rights implications of what we have\r\nunearthed, but also because this information goes to the heart of a much bigger global debate about freedom of\r\nspeech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have\r\nlifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much\r\neconomic progress and development in the world today.We launched Google.cn in January 2006 in the belief that\r\nthe benefits of increased access to information for people in China and a more open Internet outweighed our\r\ndiscomfort in agreeing to censor some results. At the time we made clear that \"we will carefully monitor\r\nconditions in China, including new laws and other restrictions on our services. If we determine that we are unable\r\nto achieve the objectives outlined we will not hesitate to reconsider our approach to China.\"These attacks and the\r\nsurveillance they have uncovered--combined with the attempts over the past year to further limit free speech on\r\nthe web--have led us to conclude that we should review the feasibility of our business operations in China. We\r\nhttps://googleblog.blogspot.com/2010/01/new-approach-to-china.html\r\nPage 1 of 2\n\nhave decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few\r\nweeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered\r\nsearch engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and\r\npotentially our offices in China.The decision to review our business operations in China has been incredibly hard,\r\nand we know that it will have potentially far-reaching consequences. We want to make clear that this move was\r\ndriven by our executives in the United States, without the knowledge or involvement of our employees in China\r\nwho have worked incredibly hard to make Google.cn the success it is today. We are committed to working\r\nresponsibly to resolve the very difficult issues raised.Update: Added a link to another referenced report in\r\nparagraph 5.\r\nSource: https://googleblog.blogspot.com/2010/01/new-approach-to-china.html\r\nhttps://googleblog.blogspot.com/2010/01/new-approach-to-china.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://googleblog.blogspot.com/2010/01/new-approach-to-china.html"
	],
	"report_names": [
		"new-approach-to-china.html"
	],
	"threat_actors": [
		{
			"id": "3cc6c262-df23-4075-a93f-b496e8908eb2",
			"created_at": "2022-10-25T16:07:23.682239Z",
			"updated_at": "2026-04-10T02:00:04.708878Z",
			"deleted_at": null,
			"main_name": "GhostNet",
			"aliases": [
				"GhostNet",
				"Snooping Dragon"
			],
			"source_name": "ETDA:GhostNet",
			"tools": [
				"AngryRebel",
				"Farfli",
				"Gh0st RAT",
				"Gh0stnet",
				"Ghost RAT",
				"Ghostnet",
				"Moudour",
				"Mydoor",
				"PCRat",
				"Remosh",
				"TOM-Skype"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e91dae30-a513-4fb1-aace-4457466313b3",
			"created_at": "2023-01-06T13:46:38.974913Z",
			"updated_at": "2026-04-10T02:00:03.168521Z",
			"deleted_at": null,
			"main_name": "GhostNet",
			"aliases": [
				"Snooping Dragon"
			],
			"source_name": "MISPGALAXY:GhostNet",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775438968,
	"ts_updated_at": 1775826746,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bcf5a00f264145d1f7eb0b975c551e1077183073.pdf",
		"text": "https://archive.orkl.eu/bcf5a00f264145d1f7eb0b975c551e1077183073.txt",
		"img": "https://archive.orkl.eu/bcf5a00f264145d1f7eb0b975c551e1077183073.jpg"
	}
}