Google warnings of state-sponsored attacks: Sign of the times
- By Kevin McCaney
- Jun 06, 2012
In a sign of growing concerns over state-sponsored cyberattacks, Google has launched a service that will warn Gmail users if they might be the victims of such attacks.
Google already warns Gmail users about suspected malicious activity concerning their accounts but, in light of recent attacks attributed to various nations, it seems significant that state-sponsored attacks now get their own category of warning.
If Google suspects a state-sponsored attack, users will see a warning against a pink background at the top of their page, reading: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.” That’s followed by a link to advice on what users can do to protect themselves.
How Google attacks changed the security game
Google says Gmail hack came from China
Eric Grosse, Google’s vice president of security engineering, wrote in a June 5 blog that receiving a warning might not mean that a user’s account has been breached, but that, “we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account.”
Those steps include setting strong passwords, enabling two-step verification and updating software. Grosse also pointed out that attackers sometimes try to lure users to phony sign-in pages and advised users to be sure they see “https://accounts.google.com/” in the URL.
Google didn’t go into how it determines that users might be under attack, since that might tip off attackers, saying only that it uses its own analysis and reports from victims.
Google users have been the target of several high-profile attacks in recent years, including widespread attacks reported in January 2010 against Google and other companies that targeted sensitive information, and for which China is a prime suspect.
In 2011, a phishing attack that Google said came from China broke into the accounts of hundreds of Gmail users, including some in the U.S. government (including one Cabinet official) and military. Chinese activists and official of other Asian countries also were targeted.
Other attacks against users in the United States or other countries, have been attributed to Russia and several Middle Eastern states, while China and Iran likewise have claimed their systems have been targeted from the United States and other countries. The United States recently was confirmed as the source of the Stuxnet attack against Iran, though that involved a complex operation infecting centrifuges in a uranium processing plant, rather than a typical information-stealing attack.
Meanwhile, the Flame malware, a sophisticated, target spyware program, was recently found hitting targets in the Middle East and Europe, primarily in Iran and the Palestinian West Bank. As with Stuxnet, the United States and Israel are considered suspects behind Flame, though nothing has been confirmed.
And those are just a few of the attacks that have become public knowledge. Several security experts, including former counterterrorism czar Richard Clarke, have said that China has breached virtually every major U.S. company in search of intellectual property.
Cyberattacks were once the province of “script kiddies” hacking for fun and bragging rights. They later were taken over by hacktivists groups and organized crime. Now, it seems they’ve moved up the chain to become major programs of nation-states.
Considering that attacks such as these show no signs of slowing down, Google is likely on the right track in giving state-sponsored attacks their own designation.
Kevin McCaney is a former editor of Defense Systems and GCN.