Gmail accounts breached in China, Google says

2 Jun 2011

Attackers based in China have stolen Gmail login details of hundreds of senior US and South Korean government officials and other Asian officials, as well as Chinese political activists, military personnel and journalists, Google has said.

In a blog post published yesterday, Google said it detected and disrupted what appears to be a targeted phishing campaign to take users’ passwords and monitor their emails. “We have notified victims and secured their accounts. In addition, we have notified relevant government authorities,” the company said.

Google said the phishing campaign appears to originate from Jinan, China, and was used to trick people into revealing the login details for their personal Gmail accounts. “The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)”

The company stressed that its internal systems were not affected. “These account hijackings were not the result of a security problem with Gmail itself. But we believe that being open about these security issues helps users better protect their information online.”

The Contagio blog, which revealed the existence of this phishing attempt in February, said that as part of the attack, victims receive a fake message which appears to come from an address of a close associate or a collaborating organisation. The ‘view’ and ‘download’ attachment links lead to a fake Gmail login page for harvesting credentials.

According to Contagio, once the attackers obtain the logins, they access the Gmail account and may take one of several actions: forward incoming mail to another account, read mail and gather information about close associates, or use the personal information to make future phishing emails more plausible.

Protection measures

Independent security consultant Brian Honan, who heads Ireland’s computer emergency response team IRISS-CERT, said: “It’s a good example of why people should be educated on the risks of spear phishing and to use two factor features within Gmail to reduce the risk of being compromised.”

Google’s blog post includes advice on strengthening login by using two-step verification, which involves both the user’s phone number and a second password and is believed to counter most phishing attempts.

The news comes at a time when many countries, including the UK and US, are beefing up budgets for cyber security and many in the sector believe the time has come to implement treaties governing cyber space. The Budapest Convention, which is an attempt to harmonise international cyber crime laws, has been criticised in some quarters because neither China nor Russia has signed up to it.

This is not the first time Google has come into conflict with China: the company revealed its systems had been hacked by people in China early last year.

Ironically, just this week, China claimed its heavy regulation of the internet was the reason why cyber crime levels are falling within the country. At a presentation for the Worldwide Cybersecurity Summit in London, the Chinese ambassador to the UK and Northern Ireland Liu Xiaoming said his government’s “serious laws and regulations” were “effective measures to protect Chinese people”.

Gordon Smith was a contributor to Silicon Republic
