Do you have a Gmail account? Google is loudly warning users about “suspected state sponsored attacks.”
When the Mountain View, Calif., company believes a particular account is under assault, it has begun flashing on that user’s screen: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”
Google's warning about suspected Gmail attacks. (Source: Google)
If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account…
You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis -- as well as victim reports -- strongly suggest the involvement of states or groups that are state-sponsored.
All eyes immediately turned to China. Google did not name any nations in its announcement, but just a few days ago, it did announce announced its intent to help Chinese users sidestep censorship. When a Chinese user conducts a search that Google believes may produce censored results, it notes the possibility of censorship and suggests alternative terms that may yield better, unfiltered results.
China’s newest move in this long-running tit-for-tat with Google seems to be a step it has taken in the past: targeting Gmail.
A year ago, South Korean officials, human rights activists, and others may have had their Gmail accounts compromised by Chinese hackers, according to press reports at the time. This time, the attacks may be way beyond academic. Foreign Policy reported on Tuesday: “A senior Senate aide confirmed that this evening he received a warning on his Gmail account that Google suspected he had been the target of a state-sponsored cyber attack.”
It is a big deal when Google tells an inside-the-Beltway power broker that foreign governments are attempting to infiltrate his email account.
The Cable, a blog on Foreign Policy, elaborated on the matter:
Google insiders told The Cable that Google will not be giving out information on which governments it sees as the most egregious violators of web privacy…
“We’re constantly working to prevent harmful activity on our services, especially attempts to compromise our users' information,” the insider said. “The primary message is: we believe that you're a target so you should take immediate steps to protect your account.”
The security researcher Christopher Soghoian put up a tantalizing Tweet: “If the NSA, as part of its relationship with Google, shared foreign state attacker info, would Google reveal NSA was the source? Doubtful.” In a Tweeted response to a question that I asked, Soghoian wrote: “There is no way to know the source of Google's state attacker warnings. Could be NSA, could be google's own security team.”
In the meantime, Marc Ambinder, a journalist on the security beat, posted to his Twitter account: “Google sends me this message: ‘...state-sponsored attackers may be attempting to compromise your account or computer.’ Thanks, China.” That Tweet may mean China is attempting to infiltrate journalists’ accounts. Ambinder had not responded to a request for elaboration at the time of this writing.
What triggered the loud Google announcement? The Wall Street Journal reported that the US government may be behind Google’s warning: “Google and other U.S. technology companies... have been under increasing pressure from the U.S. government to push back.” That means against attempts not just by China, but also by governments in the Middle East and Asia, to monitor Internet traffic, according to the paper.
Twitter users across Asia apparently have been posting that they have received the Gmail warning. However, according to the WSJ, “some users were disappointed not to have received a warning, taking it as a sign their activist chops weren't up to snuff.”
China’s government has not responded to press inquiries about its possible role in attempts to hack Gmail accounts, but it rarely responds directly to such questions.
Another Internet Evolutionary, Jason Mick, has addressed the issue of forcing off certain ISPs etc. Not an easy decision to make. But it seems necessary sometimes.
Gently, Ms. Fisher. Invoking "Tail Gunner Joe" is about as inflammatory as blaming the Chinese for all state-sponsored hacking. Let's keep the politics out of technical discussions, yes? I'd be interested to hear your thoughts on possible ways to stop the long-term, persistent attacks that some web-attached companies have been suffering for the past couple of years. Shun certain sub-nets? Black-hole entire countries? Inquiring minds want to know!
I think my latest solution is to keep nothing online which needs to be protected by a password. I'm stashing cash in my mattress anyway, anticipating a run on banks.
Mary, most security geeks think most of the state sponsored hacking originates in China - but they also acknowledge that the US is very capable of same and a few other states (Israel, France, possibly Russia, certainly North Korea) have at least limited activity.
Personally I think what Google did is good. This week is a reminder that we all ought to practice rigirous security precautions (such as changing passwrds monthly and using strong passwords).
Passwords seem to be a broken tool but they are what we presently have so we have to make the best of it.
And Google never itself pointed a finger at China. Google in the past has been careful about attribution. Even when it has indicated it thought China was behind something it added that in an era of spoofs it is hard to say with certainty who is doing what
Good points, DukeW. But it still makes me wonder why Google chose to frame the statement as it did. Still, perhaps this was the best way to communicate the reality of what's going on.
Let's hope the threat passes without any online casualties.
Mary, the primary reason for Google letting people know there's a problem is to warn them that bad actors are targeting them. It's interesting that Google didn't mention China, nobody is saying China, but everybody who hears about this thinks first of China. Chances are that's because the PRC has been implicated in several previous cases, and it's been all over the news. Is this a classic disinformation campaign, aimed at a possible rival, or is this a case of where there's smoke, there's fire? Whomever is responsible for the reprehensible behavior, would you rather be ignorant of the issue, or know about it so you can take steps to protect yourself and any potentially useful data? In this case, ignorance might not be bliss.
By casting suspicion on China, I think Google is crossing the line. Unless they have actual proof, I will stay skeptical. But it concerns me that Google would do something this manipulative.
Nicole, - I too hesitate at first in pointing a finger towards China. For the reason that they seem to have succesfully excommunicated Google and everything of it from China anyway. Then again they could still be interested seeing as they are part of the team that is strongly pushing for the UN's bid to control the internet.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Businesses are cutting the landline tether surprisingly quickly.
"The rise of the cellphone-only worker is happening at lightning speed," wrote David Cameron, president of the IT services firm Rhode Island-based Conduit Systems, in an email.
The drumbeats are loud. Google, reports filter out of Asia, is preparing to manufacture its own Chromebook, to be branded Google and/or Nexus.
The blunt question: Is this dumb or smart on the part of the Mountain View, Calif.-based company?
Hurricane Sandy -- one of the most expensive storms ever, causing an estimated $50 billion in damages -- may have devastated New Jersey and parts of New York. However, it also may turn into the poster child for the why of cloud-based disaster recovery and business continuity services, according to providers, and financial institutions are among the companies most likely to take the plunge.
Call this the ultimate bar brawler question among telephony geeks: Is Skype business-grade quality, or is it best used for calling the folks back in County Donegal on the odd Sunday for free? (See: It's Too Soon to Hang Up on Skype.)
Businesses attempting to stuff the ballot box on Yelp with paid-for favorable reviews will feel the pain of full public disclosure and humiliation. In a blog last week, Yelp made it plain it intended to root out and destroy businesses that sought to buy positive scores.
US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
Is China a threat because it censors US sites, or could it be that the country might have an economic formula that will out-innovate us on the Internet that we invented?
In the final episode of this series about the death of Internet anonymity, Saunders describes how the Internet of the future will start to attain a level of intelligence that requires no human intervention. Scary.
What can users today do to protect their online privacy? The simplest and most obvious option is to not use the Internet – at all. However, once all digital information is consolidated over the Internet, trying to protect digital identity by simply unplugging from the Internet becomes impossible – a fact that has manifest implications for civil liberties, Saunders says.
By 2011 the number of Internet-connected sensors will exceed 1 trillion, making your chances of doing anything or going anywhere unnoticed pretty much zero. Saunders talks about how the 'sensortization' of the Internet is eliminating the traditional divide between online and offline populations.
The 20th Century Internet was characterized by the ability to interact with other people and information on the Internet largely without anyone knowing who you were. The Internet of this century, conversely, will be defined by identity. Saunders explains how Internet users are unwittingly contributing to the demise of the anonymous Internet.
The decision could discourage innovators looking to the past, and require companies to build from the ground up, leading to a new generation of stagnation in the IT world.
It wouldn't be the first time, but a group of Chinese engineers has proposed a means by which the Internet's root could be split, enabling secondary, independent networks that could be government-controlled. The Internet's root security committee is taking such proposals seriously.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
