Google Exposes Gmail Phishing Scam from China

 
 
By Clint Boulton  |  Posted 2011-06-02
 
 
 

Google uncovered a phishing scam that duped senior U.S. government officials, Chinese political activists, officials in several Asian countries and media members into giving up their Gmail passwords so that an attacker could read and forward their email messages.  

Google, which detected the scam through its Web-based security systems and other reports, disrupted the attack. The attack affected hundreds of users and appeared to hail from Jinan, China.

The move comes more than a year after the search engine exposed cyber-attacks on its systems that it traced to China. The attacks targeted Gmail accounts of Chinese dissidents and human rights activists.

This time, the attackers attempted to monitor affected users' emails using stolen passwords to change peoples' forwarding and delegation settings, wrote Eric Grosse, engineering director for Google's security team, in a blog post June 1.

After halting the illicit email monitoring, Google secured the accounts of those targeted and notified them and relevant government authorities.

Grosse stressed that the account breaches were not the result of a security problem with Gmail itself and that Google's internal systems have not been affected.

"Bad actors take advantage of the fact that most people aren't that tech savvy-hijacking accounts by using malware and phishing scams that trick users into sharing their passwords, or by using passwords obtained by hacking other Websites," Grosse explained.

The phishing scheme is serious, said Catalin Cosoi, head of the BitDefender Online Threats Lab. Once an attacker gains a user's password, he or she can further trick the victims into additional schemes, such as downloading malicious mobile phone applications to report essential data about the victims, such as their GPS position.  

Mila Parkour, an independent security researcher who alerted Google to the Gmail attacks, wrote about the attacks on her blog Feb. 17.

It's unclear why Google waited three and a half months to make its disclosure, though due to the already tenuous relationship with China, the company quietly investigated the events before revealing its findings.

Jinan, China is home to one of the People's Liberation Army's technical reconnaissance bureaus, or China's equivalent of the National Security Agency in the United States.

Hong Lei, spokesman for China's Ministry of Foreign Affairs, denied his government had anything to do with the attacks, calling them "fabrication out of thin air" and "unacceptable."

"Chinese government is firmly opposed to any cyber-criminal activity, including hacking . . . [and] is ready to cooperate with the international community to combat against it," Lei said, according to the Washington Post.

Google recommends Gmail users can improve security by using a stronger password; entering their password into a proper sign-in promot; checking Gmail setting for suspicious forwarding addresses; and enabling 2-step verification, which uses a phone and second password on sign-in.

Grosse, who outlined those tips and more, said this approach protected some accounts from this attack.

Meanwhile, both the Federal Bureau of Investigation and Department of Homeland Security said they were working with Google to investigate the attacks, according to the Wall Street Journal.

This is the second major attack on Gmail that appeared to hail from China in the last year and a half. Google in January 2010 revealed that it discovered a breach in Google's infrastructure that resulted in the theft of intellectual property from Google. So serious was the breach that Google never revealed what information was taken.

Google ceased censoring results on Google.cn and ultimately created a workaround to direct users searching at that portal to Google.hk. The company never pulled out of China, as it suggested it might, though its search market share tumbled as Baidu lengthened its lead.

 

 
Rocket Fuel