Feeds

Spear phishers target gov, military officials' Gmail accounts

Google: 'Hundreds affected'

Internet Security Threat Report 2014

Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists.

The accounts may have been compromised using spear phishing techniques in which victims received highly personalized messages that contained links to counterfeit Gmail pages, according to a blog post published in February that Google cited when disclosing the attacks on Wednesday. Google said the campaign “appears to originate from Jinan, China” but didn't share any evidence supporting that claim.

“The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change people's forwarding and delegation settings,” Google's blog post, titled “Ensuring your information is safe online,” stated. “Google detected and has disrupted this campaign to take users' passwords and monitor their emails. Company officials have alerted the victims and “relevant government authorities.”

According to the February blog post, some of the phishing pages were hosted using the free dyndns.org service and contained images and text that were almost indistinguishable from those hosted on the real Google service. The links were “customized and individualized for each target,” independent security researcher Mila Parkour wrote.

Once accounts were compromised attackers created rules to automatically forward all received email to accounts under their control, Parkour said. The attackers then used the purloined email to “gather information about the closets associates and family/friends” and exploited “the harvested information for making future mailings more plausible.”

Parkour's post showed a half-dozen emails exchanged in the campaign, several of which contained Pentagon and US State Department addresses.

“This is the latest version of the State's joint statement,” one fraudulent email read. “My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike.”

The email contained what appeared to be a Microsoft Word document as an attachment.

The incident harkens back to a separate attack Google disclosed in January 2010, that targeted the company's source code and the Gmail accounts of human rights activists in China. Unlike the most recent phishing campaign, the “highly sophisticated and targeted attack” from 2010 exploited vulnerabilities on Google's network to gain unauthorized access. Dozens of other companies were also targeted in the earlier attack.

Google's blog post provides a variety of tips for keeping accounts secure. They include use of a two-step verification procedure when logging in to accounts to add an extra layer of security to the login process. Gmail also warns users of suspicious logins to their accounts.

Gmail isn't the only free email service to be targeted recently. Last month, attackers exploited a vulnerability in Microsoft's competing Hotmail that allowed them to steal confidential correspondences and user contacts without warning. The in-the-wild attacks came to light only after they were disclosed by third-party researchers.

Microsoft has yet to say how many users were affected or whether it alerted authorities and compromised users of the attacks. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.