Google Says Hackers in China Stole Gmail Passwords
SAN FRANCISCO — Google said Wednesday that hundreds of users of Gmail, its e-mail service, had been the targets of clandestine attacks apparently originating in China that were aimed at stealing their passwords and monitoring their e-mail.
SAN FRANCISCO — Google said Wednesday that hundreds of users of Gmail, its e-mail service, had been the targets of clandestine attacks apparently originating in China that were aimed at stealing their passwords and monitoring their e-mail.
Bobby Yip/Reuters
A Google office in Beijing. The company says recent attacks on Gmail apparently began in Jinan, a provincial capital in China.
In a blog post, the company said the victims included senior government officials in the United States, Chinese political activists, officials in several Asian countries, military personnel and journalists.
It is the second time Google has pointed to an area of China as the source of an Internet intrusion. Its latest announcement is likely to further ratchet up the tension between the company and Chinese authorities.
On Thursday, the Chinese government rejected suggestions that it was linked to the attack.
Last year, Google said it had traced a sophisticated invasion of its computer systems to people based in China. The accusation led to a rupture of the company’s relationship with China and a decision by Google not to cooperate with China’s censorship demands. As a result, Google decided to base its Chinese search engine in Hong Kong.
The more recent attacks were not as technically advanced, relying on a common technique known as phishing to trick users into handing over their passwords. But Google’s announcement was unusual in that it put a spotlight on the scale, apparent origins and carefully selected targets of a coordinated campaign to hijack e-mail accounts.
Google said that once the intruders had logged into the accounts, they could change settings for mail forwarding so that copies of messages would be sent to another address. The company said it had “disrupted” the campaign and had notified the victims as well as government agencies. Executives at Google declined to comment beyond the blog post. The company recommended that Gmail users take additional security steps, like using a Google service known as two-step verification, to make it more difficult to compromise their e-mail accounts. But it emphasized that the password thefts were not the result of a general security problem with Gmail.
The Chinese Foreign Ministry said Thursday that the government had no involvement in any such attacks, declaring that it “consistently opposes any criminal activities that damage the Internet and computer networks including hacking and cracks down these activities according to law.”
“Hacking is an international issue, and China is also a victim of hacking,” according to an official transcript of a Foreign Ministry spokesman’s remarks. “The claim that China supports hacking is completely created out of nothing, and is out of ulterior motives.”
Separately, the official Chinese news agency, Xinhua, issued a report on the episode that repeatedly cast doubt on Google’s own credibility and past practices, saying that it “arbitrarily pointed its finger at China” with “baseless complaints.”
Google acknowledged that it had been alerted to the problem in part by Mila Parkour, a security researcher in Washington who posted evidence of a type of phishing attack on her blog in February. She documented examples of what has recently been described as a “man-in-the-mailbox” attack, in which the intruder uses the account of one victim and his e-mail contacts to gain the trust of a new victim.
Ms. Parkour wrote that the method used in this attack “is far from being new or sophisticated,” but that she was posting information about it because of “the particularly invasive approach of the attack.”
She highlighted a fake document titled “Draft US-China Joint Statement” that was circulated among people with e-mail accounts at the State Department, the Defense Department, the Defense Intelligence Agency and Gmail. Clicking to download the document directed users instead to a fake Gmail log-in page that captured their passwords.
Caitlin Hayden, a spokeswoman for the National Security Council, said the White House was looking into the matter.
“We have no reason to believe that any official U.S. government e-mail accounts were accessed,” Ms. Hayden said in an e-mail.
Google said the attacks apparently originated in Jinan, a provincial capital in eastern China. The city is a regional command center for the Chinese military, one of seven in the country. It is also home to the Lanxiang Vocational School, which was founded with military support. Last year, investigators looking into the attack on Google’s systems said they had traced some of the hacking activity back to the school.
It is the second time Google has pointed to an area of China as the source of an Internet intrusion. Its latest announcement is likely to further ratchet up the tension between the company and Chinese authorities.
On Thursday, the Chinese government rejected suggestions that it was linked to the attack.
Last year, Google said it had traced a sophisticated invasion of its computer systems to people based in China. The accusation led to a rupture of the company’s relationship with China and a decision by Google not to cooperate with China’s censorship demands. As a result, Google decided to base its Chinese search engine in Hong Kong.
The more recent attacks were not as technically advanced, relying on a common technique known as phishing to trick users into handing over their passwords. But Google’s announcement was unusual in that it put a spotlight on the scale, apparent origins and carefully selected targets of a coordinated campaign to hijack e-mail accounts.
Google said that once the intruders had logged into the accounts, they could change settings for mail forwarding so that copies of messages would be sent to another address. The company said it had “disrupted” the campaign and had notified the victims as well as government agencies. Executives at Google declined to comment beyond the blog post. The company recommended that Gmail users take additional security steps, like using a Google service known as two-step verification, to make it more difficult to compromise their e-mail accounts. But it emphasized that the password thefts were not the result of a general security problem with Gmail.
The Chinese Foreign Ministry said Thursday that the government had no involvement in any such attacks, declaring that it “consistently opposes any criminal activities that damage the Internet and computer networks including hacking and cracks down these activities according to law.”
“Hacking is an international issue, and China is also a victim of hacking,” according to an official transcript of a Foreign Ministry spokesman’s remarks. “The claim that China supports hacking is completely created out of nothing, and is out of ulterior motives.”
Separately, the official Chinese news agency, Xinhua, issued a report on the episode that repeatedly cast doubt on Google’s own credibility and past practices, saying that it “arbitrarily pointed its finger at China” with “baseless complaints.”
Google acknowledged that it had been alerted to the problem in part by Mila Parkour, a security researcher in Washington who posted evidence of a type of phishing attack on her blog in February. She documented examples of what has recently been described as a “man-in-the-mailbox” attack, in which the intruder uses the account of one victim and his e-mail contacts to gain the trust of a new victim.
Ms. Parkour wrote that the method used in this attack “is far from being new or sophisticated,” but that she was posting information about it because of “the particularly invasive approach of the attack.”
She highlighted a fake document titled “Draft US-China Joint Statement” that was circulated among people with e-mail accounts at the State Department, the Defense Department, the Defense Intelligence Agency and Gmail. Clicking to download the document directed users instead to a fake Gmail log-in page that captured their passwords.
Caitlin Hayden, a spokeswoman for the National Security Council, said the White House was looking into the matter.
“We have no reason to believe that any official U.S. government e-mail accounts were accessed,” Ms. Hayden said in an e-mail.
Google said the attacks apparently originated in Jinan, a provincial capital in eastern China. The city is a regional command center for the Chinese military, one of seven in the country. It is also home to the Lanxiang Vocational School, which was founded with military support. Last year, investigators looking into the attack on Google’s systems said they had traced some of the hacking activity back to the school.
No comments:
Post a Comment