Google: Cyberspies Have Many Eyes, and Some Are Looking at Gmail
Google has warned some Gmail users about what it suspects are state-sponsored cyberattacks directed at their accounts. Affected users will see warning messages and will be encouraged to change their log-in info an update their computers. Google hasn't identified any specific country or government as responsible for the attacks.
06/06/12 11:59 AM PT
Google has begun informing certain individual users whom it believes may be the target of state-sponsored cyberattacks.
Those users will see a pink ribbon at the top of their Google pages bearing a warning notice.
However, the warning only means Google believes the account holder may be a target for phishing, malware or some other form of attack and doesn't necessarily mean the account has been hijacked.
Google lists what users can do to protect themselves when they see the warning notice.
What Google Is Saying
Users should be careful about where they sign in to Google and should look for the URL "https://acounts.google.com/" in their browser bars because attackers often send links to fake sign-in pages to try to steal people's passwords, Google said.
On spotting the warning ribbon, users can immediately create a unique password that has a good mix of capital and lower-case letters and punctuation marks and numbers; enable two-step verification for additional security; and update their browsers, operating systems, plugins and document editors, Google stated.
Google said the warnings weren't triggered due to any internal systems being compromised or because of any particular attack.
Further, the company's alerting only a subset of users whom it believes may be targets of state-sponsored attacks. However, it doesn't state who falls within that subset. Nor does it identify the potential targets by country of residence.
Google claims its detailed analysis and victim reports strongly suggest the involvement of states or groups that are state-sponsored.
Who's Doing What Where?
"If this were a warning coming from a small unknown company, one could speculate with good reason that it's an attempt to get attention," Mike Reagan, vice president of LogRhythm, told TechNewsWorld. "But it doesn't do Google any good to be a fear-monger."
It seems strange that a nation-state would bother to target members of the general public when attacks on specific targets would yield much richer rewards, but "it's the shotgun effect -- you spray your shot widely and you'll hit someone," Randy Abrams, an independent security consultant, told TechNewsWorld. "You don't want to focus where the targets can easily protect against attacks; you go where people are searching, you statistically know where they're searching on the Web, and you've got a pretty good chance of hitting them."
Google did not respond to our request for further details.
What About the China Card?
As news of Google's warning spread, speculation that it was aimed at the Chinese authorities began making the rounds.
There are perhaps grounds for making such an assumption. In June of 2011, Washington and Beijing locked horns over Google's assertion that hackers in China broke into the Gmail accounts of several hundred people, including senior government officials in the United States and political activists. The White House issued a denial that its email system had been hacked. However, security experts pointed out that just because the attacks were launched from servers in China, it didn't mean the hackers were backed by the Chinese government.
"It could be any number of countries that would like a path to hitting our economy," LogRhythm's Reagan said. "As it's described, the attack has the potential to chip away at the stability and reliability of one of the leading providers of Internet services ... Ultimately, albeit indirectly, the U.S. takes a hit."
Keeping an Eye Peeled
Google said its duty is to be proactive in notifying users about attacks or potential attacks so they can protect themselves.
"Nobody's going to hate Google for releasing the warnings," Abrams said. "It's a pretty easy win."
Google is "evolving their information security infrastructure to detect sophisticated threats," LogRhythm's Reagan suggested. "They also recognize that it's not a matter of if they'll be breached but when, and they've readied themselves for this. Most people will give Google the benefit of the doubt and heed their warning."