Hackers probably based in China tried to break into hundreds of Google mail accounts, including those of senior US government officials, Chinese activists and journalists, the internet company said on Wednesday.
The unknown perpetrators, who appeared to originate from the city of Jinan in Shandong province, recently tried to crack and monitor email accounts by stealing passwords, but Google detected and “disrupted” their campaign, the world’s largest web search company said on its official blog.
The revelation comes more than a year after Google disclosed a cyberattack on its systems that it said it traced to China, and could further strain an already tense relationship between the web giant and Beijing. Google eventually all but pulled out of the world’s largest internet market by users.
“We recently uncovered a campaign to collect user passwords, likely through phishing,” Google said in a post on its corporate blog, referring to the practice where computer users are tricked into giving up sensitive information.
“The goal of this effort seems to have been to monitor the contents of these users’ emails.”
It “affected what seem to be the personal Gmail accounts of hundreds of users, including among others, senior US government officials, Chinese political activists, officials in several Asian countries [predominantly South Korea], military personnel and journalists.”
Google did not say the Chinese government was behind the attacks or say what might have motivated the intrusions.
But cyberattacks originating in China have become common in recent years, said Bruce Schneier, chief security technology officer at telecommunications company BT.
“It’s not just the Chinese government. It’s independent actors within China who are working with the tacit approval of the government,” he said.
The events leading to Google’s withdrawal from China exacerbated an often difficult relationship between Washington and Beijing, with disputes ranging from human rights to trade.
The attacks revealed on Wednesday were also the latest computer-based invasions directed at Western companies.
The United States has warned that a cyberattack — presumably if it is devastating enough — could result in real-world military retaliation, although analysts say it could be difficult to detect its origin with full accuracy.
Lockheed Martin, the US government’s top information technology provider, said last week it had thwarted “a significant and tenacious attack” on its information systems network, though the company and government officials have not yet said where they think the attack originated.
The White House said it was investigating Google’s claims.
“We have no reason to believe that any official US government email accounts were accessed,” said White House spokesperson Tommy Vietor.
The FBI said it was working with Google on the matter.
A spokesperson at South Korea’s presidential office said the Blue House had not been affected, but added they did not use Gmail. South Korea’s Ministry of Strategy and Finance said it had warned all staff “not to use send or receive any official information through private emails such as Gmail”.
Technical reconnaissance
Jinan, the capital of eastern Shandong province, is the location of one of six technical reconnaissance bureaus belonging to the People’s Liberation Army, which oversees China’s electronic eavesdropping, according to an October 2009 report by the US-China Economic and Security Commission, a panel created by Congress to monitor potential national security issues related to US-China relations.
The bureaus “are likely focused on defence or exploitation of foreign networks”, the commission report states.
Last year, US investigators said there was evidence suggesting a link between the Lanxiang Vocational School in Jinan and the hacking attacks on Google and over 20 other firms, the New York Times reported. The school denied the report.
China’s foreign ministry and its state council information office did not respond to faxed inquiries.
China has said repeatedly it does not condone hacking, which remains a popular hobby in the country, with numerous websites offering cheap courses to learn the basics.
Chinese human rights activists say they are increasingly worried about Gmail’s security.
“Two years ago, when we were using Gmail for our organisation, there were a few incidents when our accounts were hacked into by people pretending to be us and sending attachments to colleagues with viruses in them,” said Wang Songlian, research coordinator for rights group Chinese Human Rights Defenders.
After that, the organisation started relying less on Gmail, Wang said, “because of the belief that even though Gmail has good security, it’s not good enough for our purposes. It’s still a concern for us.”
While Google said last year’s attack was aimed at its corporate infrastructure, the latest incident appears to have relied on tricking email users into revealing passwords, based on Google’s description in its blog post.
It said the perpetrators changed the victims’ email forwarding settings, presumably secretly sending the victims’ personal emails to other recipients.
Schneier said the details that Google has released about the email hijacking do not appear that unusual.
“For the past five years we’ve known that the Chinese conduct a lot of espionage over the internet,” he said.
In January 2010, Google announced it was the target of a sophisticated cyberattack using malicious code dubbed “Aurora”, which compromised the Gmail accounts of human rights activists and succeeded in accessing Google source code repositories.
The company, and subsequent public reports, blamed the attack on the Chinese government.
“Investors would like to see Google figure out a way to operate in China, and capitalize on the growth of the country,” said Cowen and Co analyst Jim Friedland.
“It’s been a tough relationship. And this highlights that it continues to be a tough relationship,” he said.
Google said it had notified the victims and relevant governments in the recent attacks.
“It’s important to stress that our internal systems have not been affected — these account hijackings were not the result of a security problem with Gmail itself,” Google said.
The company’s shares finished 0,7% lower at $525,60.
Google has lost share to rival Baidu in China’s internet market — which has more than 450-million users. – Reuters