Attacks target high-profile Gmail accounts
Google has detected a campaign to compromise the email accounts of hundreds of users. According to a posting by Eric Grosse, the campaign, which appears to originate from Jinan in China, has targeted high-ranking US government officials, Chinese political activists, journalists, military officers and Asian government officials, particularly from South Korea. The campaign has been collecting Gmail account passwords – "likely through phishing" – in an apparent effort to monitor the contents of the users' email accounts. Google states that its own security has not been breached.
Once Google became aware of the attacks, it took steps to prevent them, informed the victims and backed up their accounts; it also informed the relevant authorities. Grosse, Engineering Director of the Google Security Team, requests that Gmail users be particularly vigilant, check their accounts for unusual settings such as email forwarding, and use strong passwords. In total, the posting lists seven steps that users can take to help protect their accounts.
Google acknowledges that it became aware of the attack not only through its own cloud-based security and abuse detection systems, but also through reports from its own users and a report on the Contagio blog. That report states that the attack uses spear phishing, and that victims will typically receive a mail apparently from the address of a known colleague or organisation. The mail will appear to include a link or attachment; clicking on it leads to a fake Gmail login page, where the user's credentials are then captured.
The BBC has subsequently reported that a Chinese foreign ministry spokesman has rejected the allegations of involvement and said that it was "unacceptable" for China to be blamed. The official stated that "Hacking is an international problem and China is also a victim. The claims of so-called support for hacking are completely unfounded and have ulterior motives."
It is not the first time that Google and its users have been the target of cyber attacks apparently coming from China. Google said that a major attack in 2009 had targeted the email accounts of Chinese human rights activists. This, together with increasing theft of program information and censorship of freedom of expression in the Chinese market, made Google consider pulling out of that market altogether.