Google has accused Chinese snoopers of hijacking personal Gmail accounts of government officials, military personal and journalists in the US.
The company has issued a warning on its website, advising Gmail users to upgrade their security settings to thwart would-be attackers, who were targeting officials in the US and several Asian neighbours.
“Most account hijackings are not normally very targeted; they are designed to steal identities, acquire financial data or send spam. But some attacks are targeted at specific individuals,” said Eric Grosse, engineering director for the Google Security Team on the company blog.
"This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”
The message is crafted to appear like it has an attachment with links like View Download and a name of the supposed attachment
According to Google, the unknown perpetrators used stolen email passwords to access accounts and change forwarding and delegation settings, which would allow the attacker to monitor all messages going through the account.
Although the company said it had now informed victims of the attack, a report referenced in the Google blog suggested the methods had been used since at least February.
The Contagio malware report that first alerted Google to the problem said the passwords were stolen using a combination of phishing and malware to harvest passwords.
“Victims get a message from an address of a close associate or a collaborating organisation oragency, which is spoofed,” the report said.
“The message is crafted to appear like it has an attachment with links like View Download and a name of the supposed attachment. The link leads to a fake Gmail login page for harvesting credentials.”
The news comes as senior government officials on both sides of the Atlantic stressed the importance of cyber defence in the internet age.
The Pentagon this week said it would treat a cyber attack as an act of war, while the UK is currently increasing its cyber capabilities, both offensive and defensive.
No comments:
Post a Comment