Google is warning Gmail users that the company believes that they may be targeted in state-sponsored attacks.
Though Google did not mention the Chinese government by name, China has been a frequent target of such allegations since Google blamed the country’s government for the Aurora attacks. Tuesday, Eric Grosse, Google’s vice president of security engineering, blogged that the company is constantly on the lookout for malicious activity on its systems, particularly attempts to illegally access user accounts.
Those users who the company believes may be the target of state-sponsored attacks will see a warning that states: “We believe state-sponsored attacks may be attempting to compromise your account or computer.”
“If you see this warning, it does not necessarily mean that your account has been hijacked,” Grosse explained. “It just means that we believe you may be a target of phishing or malware, for example, and that you should take immediate steps to secure your account, Grosse said.
“Here are some things you should do immediately: create a unique password that has a good mix of capital and lowercase letters, as well as punctuation marks and numbers; enable two-step verification as additional security; and update your browser, operating system, plug-ins, and document editors. Attackers often send links to fake sign-in pages to try to steal your password, so be careful about where you sign in to Google and look for https://accounts.google.com/ in your browser bar. These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack,” said Grosse.
Grosse declined to go into details about exactly how the company is able to determine what users were possible victims of cyber-attacks originating from nation-states, stating it would give away too much information to the attackers. However, he stated that the company came to this conclusion based on victims’ reports and detailed analysis.
“We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information,” he blogged. “And we will continue to update these notifications based on the latest information.”
The problem of attribution has always been a significant one when it comes to investigating cyber -crime, as attackers often disguise their location and identity, noted Graham Cluley, senior technology consultant at Sophos.
“You can imagine how anyone who sees the warning from Google of a state-sponsored attack might well get the heebie-jeebies,” he blogged. “If a little more light was shed as to why they were warning a particular user, it might be more helpful.
“As Google, points out—there’s more you can do than just having a hard-to-crack password,” he continued. “Even if hackers who broke into your Gmail account no longer know your password, there are still things they could have done while they had access to your email which will allow them to continue to monitor your communications.”
For instance, Grosse said it’s “possible for someone to have tampered with your Gmail account to silently forward all messages that you receive to another account. Similarly, it’s a good idea to check that no-one has been unexpectedly [authorized] to read and send email from your account.”