China hits back at Google over email cyber attack claims
Google's claims that a concerted Chinese campaign to hack in to the personal email accounts of senior US government officials and Chinese activists have been condemned as "unacceptable" by Beijing.
The search giant said it had traced a so-called "spear phishing" bid to Jinan, China. The coordinated attacks involved tailored emails being sent to hundreds of individuals. Appearing to come from a person known to the victim, each email led to a fake Google gmail log in page where users would normally enter their password.
"Blaming these misdeeds on China is unacceptable," Hong Lei, a Chinese foreign ministry spokesman told a news briefing in Beijing.
"Hacking is an international problem and China is also a victim. The claims of so-called Chinese state support for hacking are completely fictitious and have ulterior motives."
China has said repeatedly it does not condone hacking, which remains a popular hobby in the country, with numerous websites offering cheap courses to learn the basics.
In a blog post, Google said that "the goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings. Google detected and has disrupted this campaign to take users' passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."
The attack targeted individuals rather than Google's own systems. Its aim was to fool people into voluntarily handing over their login details. A Google spokesman said that while the company could determine where the attacks apparently came from, "we can't say for sure who is responsible. Our focus now is on protecting our users and making sure everyone knows how to stay safe online."
It is not known whether other email providers have been targeted in similar attacks. In Jnuary last year, however, Google said that it had uncovered a concerted bid to undermine both its own systems and those of other providers such as Yahoo. At the time, the company said that it was the victim of "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google".
Google has recently introduced improved security features, including "two-step authentication", where users are asked to enter both a pin generated by their mobile phone and a password to access their emails.