Google to warn users targeted by state-sponsored attacks


Virus Guy

Google to warn users targeted by state-sponsored attacks
Tuesday, June 5, 2012

UPDATE: A senior Senate aide confirmed that this evening he received a
warning on his Gmail account that Google suspected he had been the
target of a state-sponsored cyber attack.

Web giant Google is about to announce a new warning informing Gmail
users when a specific type of attacker is trying to hijack their
accounts -- governments and their proxies.

Later today, the company will announce a new warning system that will
alert Gmail users when Google believes their accounts are being targeted
by state-sponsored attacks. The new system isn't a response to a
specific event or directed at any one country, but is part and parcel of
Google's recent set of policy changes meant to allow users to protect
themselves from malicious activity brought on by state actors. It also
has the effect of making it more difficult for authoritarian regimes to
target political and social activists by hacking their private

"We are constantly on the lookout for malicious activity on our systems,
in particular attempts by third parties to log into users' accounts
unauthorized. When we have specific intelligence-either directly from
users or from our own monitoring efforts-we show clear warning signs and
put in place extra roadblocks to thwart these bad actors," reads a note
to users by Eric Grosse, Google's vice president for security
engineering, to be posted later today on Google's Online Security blog,
obtained in advance by The Cable. "Today, we're taking that a step
further for a subset of our users, who we believe may be the target of
state-sponsored attacks."

When Google's internal systems monitoring suspicious internet activity,
such as suspicious log-in attempts, conclude that such activities
include the involvement of states or state-backed initiatives, the user
will now receive the specialized, more prominent warning pictured above.
The warning doesn't necessarily mean that a user's account has been
hijacked, but is meant to alert users that Google believes a state
sponsored attack has been attempted so they can increase their security

Google wants to be clear they are not singling out any one government
for criticism and that the effort is about giving users transparency
about what is going on with their accounts, not about highlighting the
malicious actions of foreign states.

"If you see this warning it does not necessarily mean that your account
has been hijacked. It just means that we believe you may be a target, of
phishing or malware for example, and that you should take immediate
steps to secure your account," Grosse writes. "You might ask how we know
this activity is state-sponsored. We can't go into the details without
giving away information that would be helpful to these bad actors, but
our detailed analysis-as well as victim reports-strongly suggest the
involvement of states or groups that are state-sponsored."

Google insiders told The Cable that Google will not be giving out
information on which governments it sees as the most egregious violators
of web privacy. For Google, the new initiative is not an effort against
governments but a way to help its users help defend and protect

Users who click through the new warning message will be directed to a
page that outlines commonly seen security threats and suggests ways
users can immediately raise their level of security on Gmail.

"We're constantly working to prevent harmful activity on our services,
especially attempts to compromise our users' information," the insider
said. "The primary message is: we believe that you're a target so you
should take immediate steps to protect your account."

The new announcement comes only days after the company said they would
alert users in mainland China when they use search terms that are likely
to be censored by the Chinese government. According to another of
Google's official blogs, that move was meant to improve the search
experience for Chinese users by allowing them to avoid terms that would
result in stalls or breaks in their search experience due to government

For example, Google said that Chinese users searching the character for
"river," which is "jiang" in Chinese, causes technical problems. The
same character is also used in the search for former Chinese President
Jiang Zemin.

Google didn't specifically mention Chinese censorship in its notice
about Chinese search terms, apparently in an effort not to antagonize
the Chinese government any more than necessary. Google and Beijing have
been at odds since 2010, when the company announced it would no longer
censor search terms on the and moved the bulk of its Chinese
operations to Hong Kong.

That move followed a series of Gmail attacks in 2010, directed at
Chinese human rights activists, which were widely suspected to be linked
to the Chinese government. Following those attacks, the
government-controlled People's Daily publicly accused Google of being an
agent for U.S. intelligence agencies.

While last week's announcement and this week's announcement are both
being presented by Google as user based initiatives not directed at
foreign governments, Google CEO Eric Schmidt has been speaking out
publicly and forcefully in recent months about the potential negative
role governments can play in circumventing internet freedom.

"While threats come from individuals and even groups of people, the
biggest problem will be activities stemming from nations that seek to do
harm," he said in London last month.

G. Morgan

Virus said:
"While threats come from individuals and even groups of people, the
biggest problem will be activities stemming from nations that seek to do
harm," he said in London last month.

They also just enabled mutifactor authentication. Gmail users
should have got that email a few days ago.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question