The Gmail accounts of hundreds of high-profile individuals were hijacked through a so-called spear phishing campaign originating in China, according to Google.
Hackers apparently gained access to users’ accounts using passwords likely obtained through malicious software and targeted phishing techniques.
The individuals targeted included Chinese political activists, senior U.S. government officials, South Korean government officials and government workers of other Asian countries, journalists and military personnel.
On Thursday, U.S. Secretary of State Hillary Clinton told reporters the FBI will investigate the matter.
Sounding the Alarm
Google alerted users in a blog post detailing the account intrusion and providing information on how to stay secure in the future.
The company stated it’s notified victims and relevant government authorities and has secured the accounts in question.
Google believes the scam originated in Jinan, China, a little more than a year after a similar hijacking scam originated in that country. In that case, several human rights activists were targeted.
The first attack factored into Google’s decision to cease its agreement to censor certain search results in China, and the company pulled its servers out of the country.
This time the attack is larger, but unlike the previous intrusion, Google’s servers weren’t accessed in this instance. Instead, the hackers apparently used social engineering to break into the accounts.
Google declined to discuss how this would affect its already rocky relationship with China.
“We won’t be commenting on speculation,” Christine Chen, senior manager of global communications and public Affairs for google, told TechNewsWorld.
The goal of this effort, according to Google seems to have been to monitor the contents of the victims’ email. The perpetrators apparently used stolen passwords to change the accounts’ forwarding and delegation settings.
That was made possible through a technique calls “spear phishing,” a highly focused type of attack that uses personal information to trick the recipient into believing the message comes from a trusted sender.
“Spear phishing is phishing where the message is aimed at a specific individual and contains information particular to that individual to make the message seem authentic,” Tom Berson, founder of Anagram Labs and an expert in cyberattacks, told TechNewsWorld.
For example, a phishing attack might send a message that reads “Your bank account at Acme Bank is about to expire, click here to restore your information.”
To even a casual computer user, this type of attack is fairly obvious and doesn’t present much of a threat.
A spear phishing attack, however, would attempt to gain the victim’s trust by using personal information the attacker already knows. A message from a spear phisher regarding banking information would use the recipient’s bank name, bank account number, credit information, or other personal material, giving someone much more reason to believe the message is legitimate.
Increased Security for Users
To up security on Gmail accounts, Google has implemented “two-step authentication,” which asks users to enter not only their passwords, but also a pin generated by their mobile phone.
It’s one step closer to safety, but experts warn that cyberwarfare is becoming more prevalent, and technology users need to stay vigilant.
“No matter where you live or work, the Internet puts every criminal in the world less than a second from your house or office. Be skeptical about the authenticity of all Internet communication. Slow down and think. If a message makes you think twice, ignore it, or seek independent confirmation,” said Berson.