Massive Chinese Phishing Cyber-Attack Targets Gmail

Google has disclosed a large-scale spear-phishing attack focused on government officials and activists

A massive hacking attempt has been made to access Google Gmail accounts of US government officials, South Korean officials, and others.

The US victims at the State and Defense departments were targeted by personalised phishing emails, a technique known as spear-phishing, which appeared to come from trusted contacts or fellow employees. The emails contained links to a fake Gmail login page aimed at harvesting the officials’ usernames and passwords.

Spreading A Wide Phishing Net

Apart from the US targets, the attacks also pinpointed Chinese activists, particularly those involved in human rights issues; journalists; military leaders, and officials from several Asian countries.

Some of the Gmail users did fall for the scam, it has been disclosed, but how many is not known. Google says that it has taken swift action to secure the possibly-compromised accounts. Details of how the company has done this are not known but it has notified affected users and may have asked them to change their login credentials and upgrade to two-step authentication.

Google emphasises that its servers were not hacked and that the attack was purely a social engineering exploit. This differentiates it from a previous Chinese attempt to hack into Google accounts in late 2009 and early 2010. At that time, Google’s data centres were the focus during a battle with Chinese authorities over search results censorship.

Access to Gmail and other accounts was recently strengthened by the addition of a secondary login step based on the issuance of a single-use session password. It is not known how many of the victims were already using this belt-and-braces protection.

The nature of the targets chosen implies that the Chinese government or agents friendly to China’s authorities were involved. Official sources in that country have yet to respond but it is assumed they will take the party line that hacking is illegal in China and that it has been a victim of international hackers spoofing local IP addresses.

Despite these expected denials, Google claimed that the attacks came from the Jinan region. This is also the home of the Shandong Jinan Lanxiang Vestibule School, an educational establishment that teaches computer training and has been identified as the source of a previous attack on a defence contractor. One of the Chinese People’s Liberation Army’s technical reconnaissance bureaux is also based in Jinan.

The Contagioblog site provides a detailed article about the attacks, though Mila Parkour, the blog’s owner, first wrote about them in February. Google has now confirmed her disclosure.

Chester Wisniewski, senior security advisor at Sophos Canada, wrote on the company’s Naked Security blog: “While this attack is not specifically a problem with Gmail, it is a widespread security weakness in many cloud services. Google sharing information with the public about how these attacks are executed helps all of us learn from these situations and build better systems.”

Open Google Attacks Exploit Secrecy

During an interview with The Wall Street Journal on Tuesday, Eric Schmidt, Google’s chairman, said the company is “massively more protected than we were a year ago”.

He also stated that the company had discovered “lots of other companies were attacked in similar ways. It is better to be transparent about these things”. His implication was that many compromised firms fail to report attacks in an attempt to protect their reputations.

Evidence of espionage cyber-attacks is increasing and, only last week, defence contractor Lockheed Martin said it had detected a significant attack against its computer networks.

Wisniewski advised, “If you are ever presented with a login screen in your browser and you didn’t type in the address of the site you are trying to visit, close the window. Only enter your password into pages where you entered in the URL.”
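Wisniewski’s advice amounts to a rule that can be checked mechanically: a password should only go to a login page whose address is exactly the one you expect. The following is an added example, not code from the article, Google or Sophos, showing how a mail gateway or browser extension might apply that rule to links in an email before a user clicks them. The allowlist of trusted login hosts and the sample links are constructed for this illustration; the checks reject lookalike hosts that prepend the real name as a subdomain, hide the real host behind an `@` user-info section, use a non-HTTPS scheme, or use non-ASCII characters to imitate the host name.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only hosts where a Gmail
# password may legitimately be entered. A real deployment would manage
# this list centrally rather than hard-code it.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com", "mail.google.com"}


def login_host_is_trusted(url: str, trusted_hosts=TRUSTED_LOGIN_HOSTS) -> bool:
    """Return True only if the link is HTTPS and its host exactly matches
    one of the trusted login hosts.

    urlsplit().hostname already lowercases the host and strips any
    user-info ("accounts.google.com@evil.example") and port, so the
    comparison is made against the host the browser would actually contact.
    """
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL (e.g. unbalanced IPv6 brackets)
        return False
    if parts.scheme.lower() != "https":
        return False
    host = parts.hostname
    if not host:
        return False
    # Reject hosts containing non-ASCII characters: these can visually
    # imitate a trusted name (e.g. a Cyrillic letter in place of a Latin one).
    if any(ord(ch) > 127 for ch in host):
        return False
    # Exact match only: "accounts.google.com.evil.example" must not pass.
    return host in trusted_hosts


def flag_suspicious_links(links):
    """Return the links from an email that lead to a login page whose host
    is not on the allowlist, in the order they appear."""
    return [link for link in links if not login_host_is_trusted(link)]


# Constructed sample links of the kinds a spear-phishing email might carry
# (fake login pages), mixed with one legitimate link.
SAMPLE_LINKS = [
    "https://accounts.google.com/ServiceLogin",           # legitimate
    "https://accounts.google.com.login-check.example/",   # real name as a subdomain
    "https://accounts.google.com@login-check.example/",   # real name in user-info
    "http://accounts.google.com/",                        # not HTTPS
    "https://accounts.googl\u0435.com/",                  # Cyrillic 'е' in the host
]

if __name__ == "__main__":
    for link in flag_suspicious_links(SAMPLE_LINKS):
        print("do not enter a password here:", link)
```

The check is deliberately an exact-match allowlist rather than a pattern search for the word "google", because the lookalike hosts in the sample all contain that word; a substring or regular-expression test would pass exactly the links the rule is meant to stop.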