Thursday, June 02, 2011

China targets Gmail users with phishing attack

Google has announced that hackers inside China have compromised personal e-mail accounts of hundreds of top US officials, military personnel and journalists with carefully targeted phishing attacks [BBC / Telegraph / Daily Mail / Guardian / Bloomberg].

News of the breaches comes after it emerged that the Pentagon was to implement a new policy concerning cyberattacks and the possible retaliatory action the US might take [tvnewswatch].

Google said its own security was not breached but said the phishing attack had gleaned some individuals' passwords. In Washington, the White House said it was investigating the reports but did not believe official US government e-mail accounts had been breached. Chinese political activists around the world and officials in other Asian countries, particularly South Korea, were also targeted.

"Google detected and has disrupted this campaign to take users' passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities," the company said in a blog post.

Google declined to say who was behind the attack or how it traced the source of the attacks to Jinan in Shandong province, China.

Spear phishing

The e-mail scam used "spear phishing", in which specific e-mail users are duped into divulging their login credentials to a web page that resembles the original one.

Those targeted in the latest attack received emails apparently from friends or colleagues which directed them to pages asking for their Gmail password. While some details on the fake pages were different from the real ones, many of the differences were subtle and may well have been missed by Gmail users.

Google only made the news public yesterday, but a blog post published in February by Contagio had detailed sophisticated "spear phishing" attacks targeting Gmail users.

Those initiating the attacks might create rules to forward all incoming mail to another account. The third-party account ID may be made to closely resemble the victim's ID. The hacker may also simply access the account to read mail and gather information about close associates, family and friends, especially frequent correspondents.

Such information is useful for many things, particularly in constructing spoof email in order to launch further phishing attacks [Forbes].
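The forwarding technique described above can be checked for from the defender's side. The following is an added example, not code from the original post or from Google: it audits a constructed list of mailboxes for forwarding targets outside trusted domains and marks those whose ID closely resembles the owner's. All addresses, the trusted domain and the 0.8 similarity threshold are assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample data: each mailbox with the forwarding targets found in its settings.
MAILBOXES = [
    {"owner": "jane.doe@example.org", "forwards": []},
    {"owner": "john.smith@example.org", "forwards": ["john.smlth@mail.example"]},
    {"owner": "a.lee@example.org", "forwards": ["archive@example.org"]},
    {"owner": "r.patel@example.org", "forwards": ["collector77@mail.example"]},
]


def normalise(local_part):
    """Drop dots and any +tag so cosmetic variations compare as equal."""
    return local_part.split("+", 1)[0].replace(".", "").lower()


def similarity(a, b):
    """Similarity of two account IDs, from 0.0 (unrelated) to 1.0 (identical)."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()


def audit_forwarding(mailboxes, trusted_domains, threshold=0.8):
    """Return (owner, target, reason, score) for each forward leaving trusted domains."""
    findings = []
    for box in mailboxes:
        owner_local = box["owner"].rsplit("@", 1)[0]
        for target in box["forwards"]:
            target_local, target_domain = target.rsplit("@", 1)
            if target_domain.lower() in trusted_domains:
                continue  # internal forward, e.g. a shared archive mailbox
            score = similarity(owner_local, target_local)
            # A near-identical ID on an outside domain is the pattern the post describes.
            reason = ("lookalike-external-forward" if score >= threshold
                      else "external-forward")
            findings.append((box["owner"], target, reason, round(score, 2)))
    return findings


if __name__ == "__main__":
    for finding in audit_forwarding(MAILBOXES, {"example.org"}):
        print(finding)
```

Any external forward deserves a look; the lookalike label only raises the priority, since an ID chosen to resemble the owner's is easy to overlook in the settings page.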


Because an attacker may simply read a victim's email, many victims may not realise they have been hacked. However, Gmail does have several security features, some of which people should enable.

Google says users should implement 2-step verification, in which Gmail users are sent a one-time code to a mobile device every time they log in to their account. Users should also use a strong password and use secure HTTPS connections wherever possible. Google enables HTTPS by default, but some users have reverted to HTTP in settings since HTTPS can be slower on some connections. Google has also implemented other security features which might alert people to suspicious behaviour.

Last year, soon after Google's spat with China over hacking attacks, the company introduced features to warn users of suspicious activity within their account. Gmail users may be given a warning if the company detects an account being accessed from two different geographic regions within a short amount of time [googleonlinesecurity / gmail blog].
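A check of this kind is often called "impossible travel" detection. The following is an added example, not Google's implementation or code from the original post: it flags consecutive logins whose implied travel speed exceeds what an airliner could manage. The login events are constructed, and the 900 km/h limit and 50 km same-area radius are assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed login events: (UTC timestamp, place label, latitude, longitude)
LOGINS = [
    ("2011-06-01T08:00:00", "Washington DC", 38.90, -77.04),
    ("2011-06-01T09:30:00", "Washington DC", 38.90, -77.04),
    ("2011-06-01T10:15:00", "Jinan", 36.65, 117.12),
    ("2011-06-02T14:00:00", "Washington DC", 38.90, -77.04),
]

MAX_KMH = 900.0      # assumed ceiling: roughly airliner cruising speed
SAME_AREA_KM = 50.0  # assumed radius within which two logins count as one region


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points on the Earth's surface."""
    p1, p2 = radians(lat1), radians(lat2)
    a = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(logins, max_kmh=MAX_KMH):
    """Return (from, to, distance_km, hours) for each implausible pair of logins."""
    events = sorted(logins, key=lambda e: e[0])  # ISO timestamps sort chronologically
    alerts = []
    for prev, cur in zip(events, events[1:]):
        dist = haversine_km(prev[2], prev[3], cur[2], cur[3])
        if dist < SAME_AREA_KM:
            continue
        delta = datetime.fromisoformat(cur[0]) - datetime.fromisoformat(prev[0])
        hours = delta.total_seconds() / 3600
        # Simultaneous logins from distant regions are always implausible.
        if hours == 0 or dist / hours > max_kmh:
            alerts.append((prev[1], cur[1], round(dist), round(hours, 2)))
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(LOGINS):
        print(alert)
```

In the sample only the 45-minute jump between regions is flagged; the return login more than a day later is consistent with a real flight and passes.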

'Act of war'

The latest attacks raise many questions. The fact that the victims were people with access to sensitive, even secret information, raises the possibility that this was cyber espionage, not cyber crime. But it is unclear whether it will be seen as an 'act of war'.

Speaking on CNN recently, former General Wesley Clark confirmed the Pentagon was soon to release a new policy to warn off potential hackers. Clark said the policy was firstly one of deterrence, but added such attacks "could be met by force".

"When they come after our national security and it's not just a matter of data collection but as a matter of interfering and critical national infrastructure -- then, yes, it has to be viewed as an attack, and it is best to enunciate that up front so that there is no misunderstanding," Clark said.

While the 'spear phishing' attack constitutes a data mining exercise, the repercussions are nonetheless concerning.

The deliberate attacks undermine US interests, politically and economically. This attack could affect the development of cloud-based services as people see them as vulnerable. Google has already seen a drop in its share value. Its stock dropped from around $530 to $525.60 in the day's trading, though the company has seen a decline of its stock value since January amounting to a 12% fall.

China denials

Many cyberattacks in recent years have been unofficially traced to China, with heavy suspicion falling on the PLA. China has persistently denied any involvement in such attacks, claiming that it is the target of attacks itself. Following the announcement of hacks on Lockheed Martin, a spokesman for the Chinese Embassy in Washington rejected any link to China. "I'd say it's just irresponsible to arbitrarily link China to such cyber hacking activities in each and every turn," Wang Baodong said in an email to Reuters. "As a victim itself, China is firmly against hacking activities and strongly for international cooperation on this front."

tvnewswatch, Beijing, China
