Google has announced that Chinese hackers may have been able to gain access to emails of senior government officials in the U.S. and South Korea for more than a year.
Whilst this is speculative advice on the part of security researchers, the Evening Standard London newspaper claimed that a White House spokesperson said that the reports were being checked, but there was no reason to assume that any government official email accounts in the US have been tampered with. However, Google decided to reveal the attack with the aim of warning other users about the potential security issues that are currently circulating.
The threat was brought to Google's attention after security researchers and experts uncovered a bold campaign by hackers who were collecting users passwords to access the email accounts. Google has notified the owners of any compromised accounts and secured them accordingly.
The Evening Standard also reported that the volume of this kind of cyber attack is now reaching “epidemic proportions.” If that is the case then we should all be diligent when logging into our accounts via links that look like they lead to our webpages.
Spear phishing
Spear phishing is not an uncommon scam and means email users are tricked into giving out their login details to web pages that resemble their email account homepage. The user will log into their account and the hackers receive their login details once they click the link. On top of this, the hackers are able to connect to Gmail’s service so that any incoming emails can be forwarded to another account which is the owned by the hacker, enabling them to peruse any emails that they may be able to use to their advantage.
Second attack by China?
Google stated in its official blog in January 2010 following a previous attack that “First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.”
Google continued to say “... we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists”.
It is apparent that this might be another attack from a similar source, but the situation also questions why government officials were using their Gmail account for business, when it is a free web-based email address, and exactly what information has been revealed. However, given the media’s strong hold on publishing any technological security breaches, those with these type of accounts whether they be Gmail, Hotmail, Yahoo, and so on, should be diligent as to the potential security threats. We have seen in the past year similar phishing scams with Internet Explorer.
Google gave further advice on how a user can help to maximise their security in their “ Keeping your data secure ” page.
Sources:
- “Google emails 'hacked for year or more'” - Evening Standard London, 2 June 2011.
- "Severe Security Breaches hit Microsoft Internet Explorer" – Suite101, 8 February 2011.
- Google’s official blog.
- Google’s “ Keeping your data secure ” page.
Kelly Foxhall - Kelly by trade is an IT Training Manager at a London law firm. She is also an Internet Journalist that writes about technology, law and ...
Join the Conversation