For the first time, we are seeing Google stand up to the suppressive policies of China. In their new approach, Google says it is withdrawing all its censorship filters that they had earlier put for google.cn In addition, should Chinese law prevent a smooth operation, Google is willing to shut down their offices and move out.
While this response is laudable, what is much more frightening is this:
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.
This prima facie information suggests a number of human rights advocates, writers, etc have their online identities compromised. This is serious.