Google warns users of state-sponsored attacks

 

Gallery

By Nicole Kobie

Posted on 6 Jun 2012 at 10:19

Google has said it will warn users when they are the target of state-sponsored attacks.

Last year, Google said Gmail accounts had been targeted by Chinese authorities. Recent reports have suggested the Stuxnet malware that attacked Iranian nuclear facilities came from the US Government, while the Flame virus first noticed last month was also state-sponsored.

The company already tries to block such activity - such as by encrypting Gmail by default - but will now take precautions further. A warning will now be shown in Gmail if Google believes the user is a target of state-sponsored attacks.

"If you see this warning it does not necessarily mean that your account has been hijacked," said Eric Grosse, vice president of security engineering, in a post on the Google blog. "It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account."

"These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack," he added.

Grosse advised users targeted by such attacks to ensure their password is secure and to use two-factor authentication to log in, as well as to keep browsers, plugins, OSes and other software updated.

Such advice is fairly standard for any user to stay safe online, noted Andy Dancer, chief technology officer at Trend Micro. While he said the advice was "spot on", he advised users to change passwords frequently and not reuse them across multiple systems.

Dancer said password reset systems are a common weak point, saying users may want to lie about reset information, such as their mother's maiden name or city of birth, as social networks make such information readily available online. "There's no reason for it to be honest at all," he said, as long as you can remember which fake details you chose.

Dancer stressed GMail was relatively secure. Google has extensive resources to protect its systems, but its size and prominence makes it a target. However, he questioned why Google was merely warning users, and not blocking the attacks or intrusions. "If you get far enough to tell a particular user they are being targeted by attacks... why not do something about it?" he told PC Pro.

While he said he'd like to see them "go one step further" and block attacks, he noted they "might be doing so, but not be prepared to talk about it publicly".

Inside information

Indeed, Google wouldn't even reveal how it knows such attacks are state-sponsored. "We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis — as well as victim reports — strongly suggest the involvement of states or groups that are state-sponsored," Grosse said.

"We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information."