Google is to warn Gmail customers if it thinks they’re being targeted by “suspected state-sponsored attacks”.

The warning, “We believe state-sponsored attackers may be attempting to compromise your computer”, is intended to spur users to take immediate measures to secure their account, Eric Grosse, Google’s security engineering veep, writes [1] on the Google security blog.

Such steps include creating a strong password for the account (that is, the kind of password that’s only usable if you write it down), enable two-step account verification, and keep all software up-to-date.

El Reg anticipates three possible user responses to the warning:

• The kind of indifference or hostility that’s made it so hard for the world to remedy DNS Changer [2];
• Outright instant terror;
• a small subset of intelligent and sensible users who react calmly and quickly.

Google declined to detail the characteristics of attacks that would lead it to identify activity as state-sponsored, with Grosse writing that “we can’t go into the details without giving away information that would be helpful [to the] bad actors”.

As noted [3] in Threatpost, Google accounts are a favourite target for government attacks (as well, we should add, as attacks by non-state actors, Nigerian scammers, hacktivists, and advertisers trying to sell stuff).

The Aurora attacks [4], emanating from China in 2010, are the best-known examples of alleged state-sponsored “spear-phishing”. ®

Links

1. http://googleonlinesecurity.blogspot.com.au/2012/06/security-warnings-for-suspected-state.html
2. http://www.theregister.co.uk/2012/05/17/dns_changer_blackouts/
3. http://threatpost.com/en_us/blogs/google-warning-users-about-state-sponsored-attacks-060512
4. http://www.theregister.co.uk/2010/02/19/aurora_china_probe_latest/

Related stories

• Yahoo! and! Microsoft! have! long! way! to! go! in! account! hijack! fight! (25 February 2013)

  http://www.theregister.co.uk/2013/02/25/webmail_account_hijacking/

• We've slashed account hijackings by 99.7% - Google (21 February 2013)

  http://www.theregister.co.uk/2013/02/21/google_account_hijack_clampdown/

• Google Aurora hackers AT LARGE, launch 0-day bazookas (10 September 2012)

  http://www.theregister.co.uk/2012/09/10/elderwood_cyberespionage/

• Taiwan to ramp up cyberwar efforts (2 September 2012)

  http://www.theregister.co.uk/2012/09/02/taiwan_ramp_up_cyberwar/

• Internet Explorer bug patched only a week ago now being exploited (19 June 2012)

  http://www.theregister.co.uk/2012/06/19/ie_exploit_goes_feral/

• RIPE reverse DNS broken for much of day (14 June 2012)

  http://www.theregister.co.uk/2012/06/14/reverse_dns_outage/

• Cyber snoopers target NATO commander in Facebook attack (12 March 2012)

  http://www.theregister.co.uk/2012/03/12/nato_chinese_hacker_facebook/

• China goes on attack over Google phishing claims (2 June 2011)

  http://www.theregister.co.uk/2011/06/02/china_google_response/

• 'Chinese cyberspies' target energy giants (10 February 2011)

  http://www.theregister.co.uk/2011/02/10/night_dragon_cyberespionage/

• Google chief 'paranoid' on security after China attack (13 April 2010)

  http://www.theregister.co.uk/2010/04/13/google_security_paranoia/

• Anti-virus suites still can't block Google China attack (16 March 2010)

  http://www.theregister.co.uk/2010/03/16/aurora_av_test_fail/

• Two Chinese schools implicated in Google Aurora attacks (19 February 2010)

  http://www.theregister.co.uk/2010/02/19/aurora_china_probe_latest/