Google users come under Chinese attack
Published 02/06/2011 | 08:20
A concerted Chinese campaign to hack in to the personal email accounts of senior US government officials, Chinese political activists, military personnel and journalists has been uncovered by Google.
The search giant said it had traced a so-called "spear phishing" bid to Jinan, China. The coordinated attacks involved tailored emails being sent to hundreds of individuals. Appearing to come from a person known to the victim, each email led to a fake Google gmail log in page where users would normally enter their password.
In a blog post, Google said that "The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change peoples'forwarding and delegation settings. Google detected and has disrupted this campaign to take users' passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."
The attack targeted individuals rather than Google's own systems. Its aim was to fool people into voluntarily handing over their login details. A Google spokesman said that while the company could determine where the attacks apparently came from, "we can't say for sure who is responsible. Our focus now is on protecting our users and making sure everyone knows how to stay safe online."
It is not known whether other email providers have been targeted in similar attacks. In January last year, however, Google said that it had uncovered a concerted bid to undermine both its own systems and those of other providers such as Yahoo. At the time, the company said that it was the victim of "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google".
Google has recently introduced improved security features, including "two-step authentication", where users are asked to enter both a pin generated by their mobile phone and a password to access their emails.