Thursday, 2 June 2011

China rejects Gmail spying claims

Google said the cyber-spying campaign targeted Gmail accounts of US officials and journalists
China has rejected allegations of involvement in a cyber-spying campaign targeting the Google e-mail accounts of top US officials, military personnel and journalists.
A foreign ministry spokesman said it was "unacceptable" to blame China.
Google has not blamed the Chinese government directly, but says the hacking campaign originated in Jinan.
The US company said its security was not breached but indicated individuals' passwords were obtained through fraud.
Google said Chinese political activists and officials in other Asian countries were also targeted from the Shandong city, which is 400 km (250 miles) south of Beijing.
The White House said it was investigating the reports but did not believe official US government e-mail accounts had been breached.
Safety tips
It is extremely difficult for analysts to determine whether governments or individuals are responsible for such attacks, says the BBC's Adam Brookes in Washington.
But the fact that the victims were people with access to sensitive - even secret - information raises the possibility that this was cyber-espionage rather than cyber-crime, adds our correspondent.
However, Chinese foreign ministry spokesman Hong Lei told a news briefing: "Blaming these misdeeds on China is unacceptable.
"Hacking is an international problem and China is also a victim. The claims of so-called support for hacking are completely unfounded and have ulterior motives."
On Wednesday, Google said it had "detected and has disrupted" a campaign to take users' passwords and monitor their emails.
"We have notified victims and secured their accounts," said the company. "In addition, we have notified relevant government authorities."
The e-mail scam uses a practice known as "spear phishing" in which specific e-mail users are tricked into divulging their login credentials to a web page that resembles Google's Gmail web service (or which appears related to the target's work) but is in fact run by hackers.
Having obtained the user's e-mail login and password, the hackers then tell Gmail's service to forward incoming e-mail to another account set up by the hacker.
In an advisory message released on Wednesday, Google recommends several steps for users to take to improve the security of Google products:
  1. Enable two-step verification, such as using a mobile phone to which Google sends a second password to enter on sign-in.
  2. Use a strong password (mix of letters and numbers, avoiding family names, birth dates etc.) for Google that you do not use elsewhere. Here's a video to help.
  3. Enter your password only into a proper sign-in prompt on a https://www.google.com domain.
  4. Check your Gmail settings for suspicious forwarding addresses or delegated accounts.

Analysis

Security experts say they are seeing an increase in these so-called spear phishing incidents in which attackers go after specific information or assets and aim at "high value individuals".
One consultant described it as an "epidemic", while another said such attacks are all too easy to perpetrate given the amount of information that lives on the internet about people - from their Twitter stream to their Facebook pages to sites that trace your family tree.
A smart attacker can assemble enough information to "influence and convince" a target that they are receiving a genuine email from someone they know.