Cyberwarfare is moving out of the shadows and into the light.
Now, Google has decided to alert its users when it detects that their account has been hacked. And it’s willing to say in a big red banner that it believes the attacker is working on behalf of a hostile foreign government.
If Google believes someone is trying to break into your Gmail account, this is what you’ll see:
In a blog post, Google VP of Security Engineering Eric Grosse explains that the warning doesn’t necessarily mean the attack has been successful or that your personal information has been compromised. The most likely trigger is an attempt to lure you to a phishing site or to deliver malware via an email attachment or a link. The suggested response is to change the account password and enable two-step authentication.
Google has been flagging known phishing sites for years in both Chrome and Firefox. Earlier this year the company notified 20,000 webmasters that their sites were doing “weird redirects” and had probably been hacked.
What makes this warning different is that it is typically identifying targeted attacks, which are aimed at particular individuals or organizations, rather than broad-based schemes that pick victims more or less at random.
Google has been engaged in an ongoing battle with China for years, and it’s widely believed that China was behind a successful attack that compromised Google and Adobe in 2010. As I wrote at the time:
The victims in the current wave of attacks were targeted, presumably by criminals or spies who knew exactly what they were doing. In a targeted attack, victims are picked out because they have access to valuable information and can provide access to sensitive parts of their company’s network. It’s possible that the attackers targeted particular victims because they were using IE6. However, the bad guys could also have used malicious PDF files to do their dirty work, as was the case in a similar wave of targeted attacks in July 2009. They could also have used vulnerabilities in other software.
Google's warnings do not appear to include any hints as to the identities of the suspected attackers.
- New wave of phishing attacks serves malware to PCs and Macs
- Trojans, viruses, worms: How does malware get on PCs and Macs?
- IE9 versus Chrome- which one blocks malware better?
- Malware authors target Google Chrome
- Why do people fall for Trojans?
- Researchers intercept targeted malware attack against Tibetan Organizations
- Targeted Pro-Tibetan malware attacks hit Mac OS X users