Feeds

Spear phishers target gov, military officials' Gmail accounts

Google: 'Hundreds affected'

The essential guide to IT transformation

Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists.

The accounts may have been compromised using spear phishing techniques in which victims received highly personalized messages that contained links to counterfeit Gmail pages, according to a blog post published in February that Google cited when disclosing the attacks on Wednesday. Google said the campaign “appears to originate from Jinan, China” but didn't share any evidence supporting that claim.

“The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change people's forwarding and delegation settings,” Google's blog post, titled “Ensuring your information is safe online,” stated. “Google detected and has disrupted this campaign to take users' passwords and monitor their emails. Company officials have alerted the victims and “relevant government authorities.”

According to the February blog post, some of the phishing pages were hosted using the free dyndns.org service and contained images and text that were almost indistinguishable from those hosted on the real Google service. The links were “customized and individualized for each target,” independent security researcher Mila Parkour wrote.

Once accounts were compromised attackers created rules to automatically forward all received email to accounts under their control, Parkour said. The attackers then used the purloined email to “gather information about the closets associates and family/friends” and exploited “the harvested information for making future mailings more plausible.”

Parkour's post showed a half-dozen emails exchanged in the campaign, several of which contained Pentagon and US State Department addresses.

“This is the latest version of the State's joint statement,” one fraudulent email read. “My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike.”

The email contained what appeared to be a Microsoft Word document as an attachment.

The incident harkens back to a separate attack Google disclosed in January 2010, that targeted the company's source code and the Gmail accounts of human rights activists in China. Unlike the most recent phishing campaign, the “highly sophisticated and targeted attack” from 2010 exploited vulnerabilities on Google's network to gain unauthorized access. Dozens of other companies were also targeted in the earlier attack.

Google's blog post provides a variety of tips for keeping accounts secure. They include use of a two-step verification procedure when logging in to accounts to add an extra layer of security to the login process. Gmail also warns users of suspicious logins to their accounts.

Gmail isn't the only free email service to be targeted recently. Last month, attackers exploited a vulnerability in Microsoft's competing Hotmail that allowed them to steal confidential correspondences and user contacts without warning. The in-the-wild attacks came to light only after they were disclosed by third-party researchers.

Microsoft has yet to say how many users were affected or whether it alerted authorities and compromised users of the attacks. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?