Collaboration SuitesMarketingProjectsSecuritySoftwareWorkspace

Massive Chinese Phishing Cyber-Attack Targets Gmail

Phishing top
0 0 2 Comments

Google has disclosed that a large-scale, spear-phishing attack focused on government officials and activists

A massive hacking attempt has been made to access Google Gmail accounts of US government officials, South Korean officials, and others.

The US victims at the State and Defense departments were targeted by personalised phishing emails, known as a spear-phishing attack, which appeared to emanate from trusted contacts or fellow employees. The emails contained links to a fake Gmail login page aimed at harvesting the officials’ usernames and passwords.

Spreading A Wide Phishing Net

Apart from the US targets, the attacks also pinpointed Chinese activists, particularly those involved in human rights issues; journalists; military leaders, and officials from several Asian countries.

Some of the Gmail users did fall for the scam, it has been disclosed, but how many is not known. Google says that it has taken swift action to secure the possibly-compromised accounts. Details of how the company has done this are not known but it has notified affected users and may have asked them to change their login credentials and upgrade to two-step authentication.

Google emphasises that its servers were not hacked and that the attack was purely a social engineering exploit. This differentiates it from a previous Chinese attempt to hack into Google accounts in late 2009 and early 2010. At that time, Google’s data centres were the focus during a battle with Chinese authorities over search results censorship.

Access to Gmail and other accounts were recently strengthened by adding a secondary login phase based on the issuance of a single-use session password. It is not known how many of the victims were already using this belt-and-braces protection.

The nature of the targets chosen implies that the Chinese government or agents friendly to China’s authorities were involved. Official sources in that country have yet to respond but it assumed they will take the party line that hacking is illegal in China and that it has been a victim of international hackers spoofing local IP addresses.

Despite these expected denials, Google claimed that the attacks came from the Jinan region. This is also the home of the Shandong Jinan Lanxiang Vestibule School, an educational establishment that teaches computer training and has been identified as the source of a previous attack on a defence contractor. One of the Chinese People’s Liberation Army’s technical reconnaissance bureaux is also based in Jinan.

The Contagioblog site provides a detailed article about the attacks but Mila Parkour, the blog’s owner, first wrote about the attacks in February. Google has now confirmed her disclosure.

Chester Wisniewski, senior security advisor at Sophos Canada, wrote on the company’s Naked Security blog: “While this attack is not specifically a problem with Gmail, it is a widespread security weakness in many cloud services. Google sharing information with the public about how these attacks are executed helps all of us learn from these situations and build better systems.”

Open Google Attacks Exploit Secrecy

During an interview with the The Wall Street Journal on Tuesday, Eric Schmidt, Google’s chairman, said the company is “massively more protected than we were a year ago”.

He also stated that the company had discovered “lots of other companies were attacked in similar ways. It is better to be transparent about these things”. His inference was that many compromised firms fail to report attacks in an attempt to protect their reputations.

Evidence of espionage cyber-attacks is increasing and, only last week, defence contractor Lockheed Martin said it had detected a significant attack against its computer networks.

Wisniewski advised, “If you are ever presented with a login screen in your browser and you didn’t type in the address of the site you are trying to visit, close the window. Only enter your password into pages where you entered in the URL.”

  1. Jelle Niemantsverdriet, principal consultant forensics and investigative response EMEA at Verizon Business, commented:

    “Recent spear phishing attacks have demonstrated just how much the intellectual property of businesses and the privacy of individuals are at risk. Spear phishing is an attempt to obtain login credentials from individuals so that their accounts can be monitored. This is usually done by sending an email which tricks the user into visiting an external page and entering their user name and password. This is not a new way for hackers to steal data.

    “From our findings in the 2011 Verizon Data Breach Investigations Report, last year saw the total number of records comprised fall to an all-time low, from 144 million in 2009 to four million in 2010. This is because hackers are using techniques such as spear phishing to target a smaller number of email accounts, with accounts belonging to top level executives often containing the most valuable data.

    “While phishing is by no means a new tactic, our report found that cyber criminals are becoming increasingly sophisticated. For instance, over the last year there has been an increased reliance on the personal touch with 78% of cases involving in-person contact.”

  2. Thank you for the information Sophie. While there is NO substitute for security savvy end users I firmly believe that until the entire industry, from ISP’s to software/hardware manufactures and everything in between, start to REALLY take security into account from design to deliver, we will NEVER see a web as secure as it should be.