Google begins alerting Gmail users to 'state-sponsored' attacks
Summary: Google has been notifying users of its services about suspected phishing attempts, and it's also notified webmasters of hacked servers. Now the company has begun alerting Gmail customers who may be victims of a "state-sponsored" cyberattack.
Cyberwarfare is moving out of the shadows and into the light.
Now, Google has decided to alert its users when it detects that their account has been hacked. And it’s willing to say in a big red banner that it believes the attacker is working on behalf of a hostile foreign government.
If Google believes someone is trying to break into your Gmail account, this is what you’ll see:
In a blog post, Google VP of Security Engineering Eric Grosse explains that the warning doesn’t necessarily mean the attack has been successful or that your personal information has been compromised. The most likely trigger is an attempt to lure you to a phishing site or to deliver malware via an email attachment or a link. The suggested response is to change the account password and enable two-step authentication.
Google has been flagging known phishing sites for years in both Chrome and Firefox. Earlier this year the company notified 20,000 webmasters that their sites were doing “weird redirects” and had probably been hacked.
What makes this warning different is that it is typically identifying targeted attacks, which are aimed at particular individuals or organizations, rather than broad-based schemes that pick victims more or less at random.
Google has been engaged in an ongoing battle with China for years, and it’s widely believed that China was behind a successful attack that compromised Google and Adobe in 2010. As I wrote at the time:
The victims in the current wave of attacks were targeted, presumably by criminals or spies who knew exactly what they were doing. In a targeted attack, victims are picked out because they have access to valuable information and can provide access to sensitive parts of their company’s network. It’s possible that the attackers targeted particular victims because they were using IE6. However, the bad guys could also have used malicious PDF files to do their dirty work, as was the case in a similar wave of targeted attacks in July 2009. They could also have used vulnerabilities in other software.
The Chinese have also been suspected in several recent targeted attacks, including one aimed at Mac OS X users.
Google's warnings do not appear to include any hints as to the identities of the suspected attackers.
One interesting question: would Google notify an Iranian customer if it detected a possible attack from a United States intelligence agency? Earlier this year, Google exercised its privacy policy and notified suspected Russian malware authors that U.S. law enforcement officials had filed subpoenas demanding information about their Gmail accounts.
See also:
- New wave of phishing attacks serves malware to PCs and Macs
- Trojans, viruses, worms: How does malware get on PCs and Macs?
- IE9 versus Chrome- which one blocks malware better?
- Malware authors target Google Chrome
- Why do people fall for Trojans?
- Researchers intercept targeted malware attack against Tibetan Organizations
- Targeted Pro-Tibetan malware attacks hit Mac OS X users

Talkback
This is very welcome.
Opera has had something similar for some time, giving warnings about suspicious redirects and possible phishing attempts.
Is this only on Web Gmail?
A welcomed addition to increase security...
Use Google Public DNS.
8.8.8.8, 8.8.4.4
Um, NO!
And your ISP isn't an advertising company?
Well
Afraid of the Boogle man?
Read the complete link about their DNS technology.
"As if Google Chrome isn't spyware enough" LOL -- Why don't you enlighten us and tell exactly how Google or Chrome personally violated your privacy. I've been asking that question for years of all the complaining Google privacy invasion dullards here and no one ever responded with anything. i.e. John Smith posted it here so it must be true. Google has an agreement and they don't go beyond it, they are big enough and skilled enough that they don't have to.
Plus, no one is thinking about the logistics. Gmail has 350 million subscribers. Do you know how many people have to be hired to read those emails? I have 76,000 emails since 2005. It's so silly to even think they want to read your emails. They are beating Microsoft over the head with online advertising, despite Microsoft's attempt to buy Yahoo for 44.5 billion dollars. So Microsoft wants your data bad enough to do anything and they use "closed source" on their operating systems.
Time to leave Microsoft gimmicks and join the 21st century.
Reply to Natanael_L.
Phishing is funny, one morning I typed in the URL to my online banking and was off by one adjacent character. The web page that came up was almost identical to the legitimate bank page with just minor differences that would be unnoticeable to most people. Fortunately I checked the address line and saw my mistake. However, the fake page had login and password input fields identical to the legitimate bank site. It would have been very easy to type in your credentials and then get some weird error and just exit out of the page without being able to access it later. I called the bank's security department and reported it.
Google DNS security measures can be found at:
https://developers.google.com/speed/public-dns/docs/security
Which won't really solve this problem.
Look deeper..
As a perspective, if I were to compromise a quantity of servers, price on blackmarket "eBay" would be decent. If I were to compromise a quantity of clients, price on blackmarket "eBay" would also be decent. If I were to compromise a trust relationship for servers and clients, the price would be exponential comparatively, and additionally beneficial is the cross-OS reliance of said cert.
(eBay was used as an understood method of quantizing code into currency, as an example marketplace only.)
When you place such a high reliance on one mechanism, with so many platforms dependent on this mechanism, it immediately becomes the primary target of heightened priority. To me, this seems a matter of common sense versus unacknowledgement or obscurity in a fleeting childish thought of hiding one's own eyes to disappear.
Frying pan, meet fire.
Punish Yourself, don't use Google.
My family and I have been using Linux for over 10 years, starting with Knoppix, then Freespire, then Ubuntu and then Mint. And we have enjoyed absolutely no AV use and no infections to this day. Google uses nothing but Linux so there is a real incentive for me to use their products.
Kool-Aid? Is that one of your technical terms? Or are you just sore because Microsoft got beaten over the head with Android? Less than 2% market share right? For that matter, they are getting beaten up at every turn.
Don't worry, Google is secure because it doesn't use any Microsoft, you'll only find Linux on those 1,000,000+ servers.
No business in their right mind would advertise with Microsoft when there is Google. They will never compete with Google, or even come close.
What did Google do to you personally, how did they invade your personal privacy. Please let us know, I must have missed it in your reply above.
Time to leave Microsoft money making gimmicks and move into the 21st century.
Temple University, Phila, PA dumped Outlook for its 10,000 employees and went to GMail. That tells it all. https://tumail.temple.edu/UserLogin.aspx?ReturnUrl=%2f
Neither encryption nor using different browsers will stop spam
The only true defense against phishing is education of users in identifying phishing and hoax emails and what to do when encountering those messages. They should have a "when in doubt, throw it out" mentality. Using filters that target key words or phrases in the subject line or body of a message to mitigate the blatant spam from appearing in the inbox can help.
Define something...
Define "Hostile Foreign Government", 'cause from my perspective (in Europe) that includes the US, so....
Just a guess...
Read the last paragraph
So, yes, that includes the U.S.
Based on the user
Not a bad policy as it is global....
Redefinition
I haven't seen it used for country warnings.
When the embedded malware was discovered to reside in .jpg files, I tried mailing the sample .jpg (the sample virus .jpg just turned on the Windows calculator), and Gmail threw up the red banner and would not let me attach the file.
Now, this was the morning the story broke, about one hour after it was announced. No one else was even close to protecting users at that point. Now, that's why you use Gmail and Google instead of anything else. It was just extremely impressive. I had to use my German GMX.de email to send the file. If you use Windows, you really should be using Gmail for security and online email virus scanning.
Based on how attempted attacks have been levied against Google from other countries I would expect them to have such a warning.