Google begins alerting Gmail users to 'state-sponsored' attacks

Google begins alerting Gmail users to 'state-sponsored' attacks

Summary: Google has been notifying users of its services about suspected phishing attempts, and it's also notified webmasters of hacked servers. Now the company has begun alerting Gmail customers who may be victims of a "state-sponsored" cyberattack.

TOPICS: Security

Cyberwarfare is moving out of the shadows and into the light.

Now, Google has decided to alert its users when it detects that their account has been hacked. And it’s willing to say in a big red banner that it believes the attacker is working on behalf of a hostile foreign government.

If Google believes someone is trying to break into your Gmail account, this is what you’ll see:

In a blog post, Google VP of Security Engineering Eric Grosse explains that the warning doesn’t necessarily mean the attack has been successful or that your personal information has been compromised. The most likely trigger is an attempt to lure you to a phishing site or to deliver malware via an email attachment or a link. The suggested response is to change the account password and enable two-step authentication.

Google has been flagging known phishing sites for years in both Chrome and Firefox. Earlier this year the company notified 20,000 webmasters that their sites were doing “weird redirects” and had probably been hacked.

What makes this warning different is that it is typically identifying targeted attacks, which are aimed at particular individuals or organizations, rather than broad-based schemes that pick victims more or less at random.

Google has been engaged in an ongoing battle with China for years, and it’s widely believed that China was behind a successful attack that compromised Google and Adobe in 2010. As I wrote at the time:

The victims in the current wave of attacks were targeted, presumably by criminals or spies who knew exactly what they were doing. In a targeted attack, victims are picked out because they have access to valuable information and can provide access to sensitive parts of their company’s network. It’s possible that the attackers targeted particular victims because they were using IE6. However, the bad guys could also have used malicious PDF files to do their dirty work, as was the case in  a similar wave of targeted attacks in July 2009. They could also have used vulnerabilities in other software.

The Chinese have also been suspected in several recent targeted attacks, including one aimed at Mac OS X users.

Google's warnings do not appear to include any hints as to the identities of the suspected attackers.

One interesting question: would Google notify an Iranian customer if it detected a possible attack from a United States intelligence agency? Earlier this year, Google exercised its privacy policy and notified suspected Russian malware authors that U.S. law enforcement officials had filed subpoenas demanding information about their Gmail accounts.

See also:

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • This is very welcome.

    As long as there is not too many false positives this is very good
    Opera has had something similar for some time, giving warnings about suspicious redirects and possible phishing attempts.
    • Is this only on Web Gmail?

      Or will I get these for gmail on Android, iOS and Win email apps?
    • A welcomed addition to increase security...

      Sure it's a great thing if working reliably, but the real question now becomes: Will it also warn about domestic-sponsored attacks and internet-tapping attacks conducted against free citizens? ;)
  • Use Google Public DNS.,
    • Um, NO!

      As if Google Chrome isn't spyware enough, you expect me to just send every single DNS request to an advertising company?!
      • And your ISP isn't an advertising company?

        Face it, all companies serving web content are in the advertising business. Pick your poison.
        Michael Kelly
      • Well

        While I'm not using the Google DNS (don't see the need), I trust that they aren't logging that data, as they said they won't (only occasional anonymous logging for DNS debugging, no usable private data).
      • Afraid of the Boogle man?

        The technology behind Google DNS far exceeds anything else. It's performance is exemplary and I can immediately tell the difference in speed, accuracy and complete lack of DNS confusion. Google resources speak for themselves and can't be duplicated anywhere else. Plus, it's not taking me anywhere, unlike the Verizon garbage that comes with FIOS.

        Read the complete link about their DNS technology.

        [i]"As if Google Chrome isn't spyware enough"[/i] LOL -- Why don't you enlighten us and tell exactly how Google or Chrome personally violated your privacy. I've been asking that question for years of all the complaining Google privacy invasion dullards here and no one ever responded with anything. i.e. John Smith posted it here so it must be true. Google has an agreement and they don't go beyond it, they are big enough and skilled enough that they don't have to.

        Plus, no one is thinking about the logistics. Gmail has 350 million subscribers. Do you know how many people have to be hired to read those emails? I have 76,000 emails since 2005. It's so silly to even think they want to read your emails. They are beating Microsoft over the head with online advertising, despite Microsofts' attempt to buy Yahoo for 44.5 billion dollars. So Microsoft want's your data bad enough to do anything and they use "closed source" on their operating systems.

        Time to leave Microsoft gimmicks and join the 21st. Century.
      • Reply to Natanael_L.

        It's easy to do and probably worth a try. I tested it against OpenDNS and the Verizon DNS and found a significant difference in speed and stability. It eliminated the periodic long gaps that Verizon and OpenDNS had. It is transparent and I haven't detected any form of Google advertising or messaging like the others. Verizon was confusing because it would throw up these custom messages on problem pages, just not a comfortable feeling. And I'm sure every ISP has their own version.

        Phishing is funny, one morning I typed in the URL to my online banking and and was off by one adjacent character. The web page that came up was almost identical to the legitimate bank page with just minor differences that would be unnoticeable to most people. Fortunately I checked the address line and saw my mistake. However, the fake page had login and password input fields identical to the legitimate bank site. It would have been very easy to type in your credentials and then get some weird error and just exit out of the page without being able to access it later. I called the banks security department and reported it.

        Google DNS security measures can be found at:
    • Which won't really solve this problem.

      Which won't really solve this problem. Because it's an email problem, not a DNS problem.
      • Look deeper..

        It's a TRUST issue. The hackers know this, thus their push into the CA realm. If they gain access to ANY email client, they have a (less than) 50% foothold. If they gain access to ANY email provider (server), they have a (less than) 50% foothold. If they gain access to certificate authorities, they have 100% foothold. If you hacked, where would you look to first?

        As a perspective, If I were to comprimise a quantity of servers, price on blackmarket "eBay" would be decent. If I were to comprimise a quantity of clients, price on blackmarket "eBay" would also be decent. If I were to comprimise a trust relationship for servers and clients, the price would be exponential comparatively, and additionally beneficial is the cross-OS reliance of said cert.

        (eBay was used as an understood method of quantizing code into currency, as an example marketplace only.)

        When you place such a high reliance on one mechanism, with so many platforms dependent on this mechanism, it immediately becomes the primary target of heightened priority. To me, this seems a matter of common sense versus unacknowledgement or obscurity in a fleeting childish thought of hiding one's own eyes to disappear.
    • Frying pan, meet fire.

      LOL, thanks, but no thanks. Back to work at Google for you, Joe. Have your tried the Kool-Aid? Nevermind, that question was rhetorical.
      • Punish Yourself, don't use Google.

        In fact, don't even read about it, don't read their DNS technical information on their web, don't use Gmail, don't use Google Search, don't use Google Maps, don't use Picasa. I use as much Google as I can find - does that make me work for them? Maybe in your defective way of thinking. Do you work for NASA? :)

        My family and I have been using Linux for over 10 years, starting with Knoppix, then Freespire, then Ubuntu and then Mint. And we have enjoyed absolutely no AV use and no infections to this day. Google uses nothing but Linux so there is a real incentive for me to use their products.

        Kool-Aid? Is that one of your technical terms? Or, or you just sore because Microsoft got beaten over the head with Android? Less than 2% market share right? For that matter, they are getting beaten up at every turn.

        Don't worry, Google is secure because it doesn't use any Microsoft, you'll only find Linux on those 1,000,000+ servers.

        No business in their right mind would advertise with Microsoft when there is Google. They will never compete with Google, or even come close.

        What did Google do to you personally, how did they invade your personal privacy. Please let us know, I must have missed it in your reply above.

        Time to leave Microsoft money making gimmicks and move into the 21st. Century.

        Temple University, Phila, PA dumped Outlook for its 10,000 employees and went to GMail. That tells it all.
  • Encryption nor using diffrent browsers will stop spam

    Spammers can still send phishing emails to any email address. The military gets spam all the time and they use smart card technology for encryption. Spam domain lists are constantly being updated to block spammers, though simple DNS redirections can thwart even the best Spam blockers. Browsers don't matter, yahoo and gmail are perfect for spammers as both yahoo and google need to alow affiliates to send ads to their users. These affiliates may have compromised ads,or the email from the affilates can be duplicated tweaked by a spammer and sent out as phishing bait.

    The only true deffense of phishing is education of users of identifying phishing and hoax emails and what to do when incountering those messages. They should have a when in doubt throw it out mentality. Using filters that target key words or phrases in the subject line or body of a message to mittigate the blatant spam from appearing in inbox can help.
  • Define something...

    Google is [willing to say in a big red banner that it believes the attacker is working on behalf of a hostile foreign government.]
    Define "Hostile Foreign Government", cuse from my perspective (in Europe) that includes the US, so....
    • Just a guess...

      But I think it probably means, hostile in Google's eyes... and that is does not mean hostile to the end user.
    • Read the last paragraph

      "One interesting question: would Google notify an Iranian customer if it detected a possible attack from a United States intelligence agency? Earlier this year, Google exercised its privacy policy and notified suspected Russian malware authors that U.S. law enforcement officials had filed subpoenas demanding information about their Gmail accounts."
      So, yes, that includes the U.S.
      Arthur Whitehouse
      • Based on the user

        What is potentially a hostile FG for the user.
        Not a bad policy as it is global....
    • Redefinition

      To be precise, both the title of the article and the picture of the banner identify the hostiles as "state-sponsored attackers", not "hostile foreign governments," so you get to decide which state is after you, foreign or domestic... :)
    • I haven't seen it used for country warnings.

      But I have seen their big red banner used for virus announcements. Google Gmail virus protection (for Windows) is second to none.

      When the embedded malware was discovered to reside in .jpg files, I tried mailing the sample .jpg (the sample virus .jpg just turned on the Windows calculator), and Gmail threw up the red banner and would not let me attach the file.

      Now, this was the morning the story broke, about one hour after it was announced. No one else was even close to protecting users at that point. Now, that's why you use Gmail and Google instead of anything else. It was just extremely impressive. I had to use my German email to send the file. If you use Windows, you really should be using Gmail for security and online email virus scanning.

      Based on how attempted attacks have been levied against Google from other countries I would expect them to have such a warning.