Google says Chinese hackers broke into Gmail
Published: Wednesday, June 1, 2011 at 6:01 a.m.
Last Modified: Thursday, June 2, 2011 at 12:12 a.m.
SAN FRANCISCO — Google Inc. is blaming computer hackers in China for a high-tech ruse that broke into the personal Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists.
The breach announced Wednesday marks the second time in 17 months that Google has publicly identified China as the home base for a scheme aimed at hijacking information stored on Google's vast network of computers.
This round of attacks isn't believed to be tied to a more sophisticated assault originating from China in late 2009 and early last year. That intrusion went after some of Google's trade secrets and triggered a high-profile battle with China's Communist government over online censorship that has made it more difficult for the company to do business in the world's most populous country.
The latest duplicity appeared to rely on so-called "phishing" scams and other underhanded behavior that hackers frequently use to obtain passwords from people and websites that aren't vigilant about protecting the information.
Google credited its own security measures for detecting and disrupting the intrusions. All the victims have been notified and their Gmail accounts secured, according to the company. Mila Parkour, a security researcher who helped alert Google to the Gmail breach, said the attacks had been occurring for at least a year before they were finally uncovered.
"It was persistent and bold," Mila Parkour said of the hacking scheme in a Wednesday email exchange with The Associated Press. Parkour first shared her suspicions about the breach in a Feb. 17 post on her Contagio blog.
Google wouldn't say what parts of the U.S. government were targeted or whether any confidential information may have been contained in the trespassed Gmail accounts. Besides senior government officials, other people whose Gmail accounts were infiltrated included Chinese political activists, military personnel, journalists and officials in other countries, mainly in South Korea.
The U.S. Department of Homeland Security didn't shed any light in its statement on the attacks. "We are working with Google and our federal partners to review the matter, offer analysis of any malicious activity, and develop solutions to mitigate further risk," agency spokesman Chris Ortman said.
Google traced the origin of the attacks to Jinan, China. That's the home city of a military vocational school whose computers were linked to the assault more than a year ago on Google's computer systems, along with those of more than 20 other U.S. companies.
That break-in prompted Google to move its Chinese-language search engine from mainland China last year so it wouldn't have to censor content that the government didn't want the general public to see. The search engine is now based in Hong Kong, which isn't subject to Beijing's censorship rules.
Before the shift, the tensions escalated amid reports that the Chinese government had at least an indirect hand in the 2009 and 2010 hacking attacks, a possibility that Google didn't rule out.
This time around, the hackers appeared to rely on tactics commonly used to fool people into believing they are dealing with someone they know or a company that they trust. Once these "phishing" expeditions get the information needed to break into an email account, the access can be used to send messages that dupe other victims.
The culprits behind the Gmail breaches appeared to have specific targets in mind. That is known as "spear phishing" in high-tech circles.
Computer security specialist says spear phishing often provides the means for even broader attacks.
The Gmail attackers were intent on spying on inboxes, according to Google, but their ambitions beyond that were unclear.
Parkour said the hackers' scam proved highly effective "because they used information from the emails for future phishing emails, often using information that would be known only to (the) victim — thus gaining more trust." She said the ruse served as a reminder of the security weaknesses of Web-based email services such as Google's.
Gmail has 221 million users worldwide, ranking it third behind the Microsoft Corp.'s Hotmail at 327 million and Yahoo Inc.'s webmail service at 277 million, according to the research firm comScore Inc.
Both Google and the Department of Homeland Security advised email users to take steps to protect their accounts. Google posted its safety tips on its blog, http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html
Reader comments posted to this article may be published in our print edition. All rights reserved. This copyrighted material may not be re-published without permission. Links are encouraged.