Security

Additional Google Account Security Aims To ‘Deter Political Hackers’

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

The programme, aimed at high-profile executives and politicians, is to introduce a secont physical key and block access to data by third-party tools

Google is planning to offer new, optional security controls for its cloud-based accounts starting this month that it intends to market to politicians, executives and other high-profile figures at risk from hacking and data breaches, according to a report.

The move follows a surge in politically linked hacking that accompanied last year’s US presidential elections, during which the Democratic National Committee (DNC) and John Podesta, Hillary Clinton’s campaign manager, were both targeted by attackers who publicly released stolen data.

‘Advanced’ security service

Podesta’s Gmail account was accessed by attackers who, ironically, targeted him with a fake warning message imitating the security alerts Google sends to users it believes are at risk from security issues. According to investigators, attackers gained access to the account after Podesta clicked a shortened link contained in the message.

Google is now planning to make it more difficult for attackers to fraudulently access accounts by giving users the option of using a physical key in addition to the USB security key it currently offers, according to a report by Bloomberg, which cited two unnamed sources familiar with the plan.

gmail-logo-34666Under an optional service called the Advanced Protection Programme Google is also planning to more closely lock down users’ accounts by blocking all third-party tools from accessing users’ emails or files, such as those held on Google Drive.

Google allows users to activate various levels of security, such as the use of a one-time code sent to a mobile device and the USB Security Key device introduced in 2014.

Do passwords have a future in cybersecurity?

View Results

Loading ... Loading ...

Physical security key

The new offering would still require the USB Security Key but would add a second physical key that would be required for users to log into their accounts, according to the report.

Google declined to comment.

The company offers various other security protections and alerts to account holders, including messages that warn when it believes a user has been targeted by a hacking attempt backed by a nation state.

In March, after a number of journalists received such warnings, Google published a message “reassuring” users that the messages are sent “out of an abundance of caution”.

cloud security“The notice does not necessarily mean that the account has been compromised or that there is a widespread attack,” wrote Shane Huntley of, Google’s Threat Analysis Group in a blog post at the time.

Cloud data leaks

Data breaches and inadvertent leaks have become an increasingly common occurrence as the use of cloud-based communications and storage services becomes routine.

In recent months a number of high-profile organisations, including a contractor for the Republican National Committee (RNC), have been hit by breaches involving data left on unsecured Amazon S3 cloud storage repositories. The RNC-linked breach was the US’ largest-ever leak of personal data on voters, affecting 198 million citizens, or about 61 percent of the country’s population.

The incidents prompted Amazon to introduce an optional automated service called Macie that warns users when it finds unsecured cloud data.

How well do you know the cloud? Try our quiz!