Google has said that it will start to proactively warn internet users when it suspects that “state-sponsored attackers” have attempted to break into accounts.
In an official blog entry, Google says how it will display the warning to users of Chrome, Gmail and its search engine when it believes the users have been the target of state-sponsored attacks.
The message reads:
Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now
(Click the image above for a larger version)
The obvious question to ask is.. how does Google determine if an attack is state-sponsored or not? The problem of attribution has always been a significant one for those investigating cybercrime – as it’s often extremely difficult to tell the difference between a hack conducted under the orders of an army general and one perpetrated by a lone wolf in his back bedroom.
That’s a question which Google is reluctant to answer. From their blog entry:
You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.
That’s a shame. You can imagine how anyone who sees the warning from Google of a state-sponsored attack might well get the heebie-jeebies. If a little more light was shed as to why they were warning a particular user, it might be more helpful.
As Google, points out – there’s more you can do than just having a hard-to-crack password. Even if hackers who broke into your Gmail account no longer know your password, there are still things they could have done *while* they had access to your email which will allow them to continue to monitor your communications.
For instance, it’s possible for someone to have tampered with your Gmail account to silently forward all messages that you receive to another account.
Similarly, it’s a good idea to check that no-one has been unexpectedly authorised to read and send email from your account.
And if you’re the sort of person who might be considered a target for a state-sponsored hacking attack, what are you doing using Gmail for your sensitive communications anyway? Shouldn’t you at the very least be using some form of two factor authentication to better protect your account?
This isn’t, of course, the first time that Google has warned of state-sponsored attacks. Last year, it advised every Google user in Iran to check if their accounts had been hacked and – most famously – the company made headlines in early 2010, claiming that Chinese human rights activists had been targeted in an attack dubbed “Operation Aurora”.
Further reading: Check out my much more detailed article about “How to stop your Gmail account being hacked”.
9 comments on “Google: “State-sponsored attackers may be attempting to compromise your account””
I am quite sure this happens daily under the current administration…comrades. If people don't wake up and vote differently this year, it'll be like 1984 come November. Enjoy your freedoms while you still have them!
Seriously – shut up. The internet needs an idiot filter for people like you. It happens with *every* administration; it always has, and always will. State-based espionage is a regular practice for every modernized nation.
But if you really insist on turning the conversation all polarizing-political-right-winger-tea-partying-government-is-too-big-but-we-make-an-exception-for-women's-bodies-because-religion-supersedes-hypocrisy on us (okay, to be fair, most of that didn't apply to what you said, but I suspected you were thinking it so it seemed relevant), you should at least have to defend your party's alternative approach: passing a law that makes it *legal* to spy on you (via phone-tapping)….. comrade. Hold on to your tin-foil hat, because the polls say it's close so far. Jerk.
I'm not fan of the current thugs in power, but your premise that electing different thugs is going to make any difference is simply a delusion. The American Revolution was founded on the principles articulated in the Declaration of Independence, not on the system of elected thuggery that the Constitution subsequently established — a system that has undermined the very spirit of the Declaration of Independence. The revolutionary idea was that we don't need ANY thugs telling us what to do.
Get it? Replacing the lone thug in Buckingham Palace with one in the White House and a mess of others on Capitol Hill has just made the mess more complicated. In fact, it has made it much easier to maintain the delusion that we are "free" because we get to choose our tyrants. What rubbish.
If you're serious about freedom, you're going to have to disabuse yourself of the delusion that the only way to get it is by giving someone else the power to take it away from you.
Is this a blog about states hacking into accounts, servers etc. or is it a public venue for various political factions? Surely the point is that if the state makes laws that ban hacking and then hack themselves, it leaves it wide open for anyone else to get into hacking – without being persecuted. In the end it is a free for all, or one law for them and one for the 99% (that’s me). The latter is hypocrisy the former will kill the internet for normal users
So…if Google doesn't think the attack is state-sponsored it won't warn you?Or..is this a generic warning that Google uses for all attacks?
Will Google warn us when the U.S. conducts this type of activity?
As was stated, any government will look internally for problems, it's cheap and makes sense. However if we don't send a message to our elected officials that data is personal and needs protection, we will all get run over by persons 'thinking they are doing right' by sifting through our data items and making good assumptions about where and what you have been up to. One of the worst is probably religious presumptions. The US has always stated that there is a "separation between church and state", but even the 'blue' laws are still in effect in some areas. The 'blue' laws prevent you from purchasing items because you should be going to church! . Like can't buy alcohol, tennis shoes or other items.Some of the major camera retailers in NY are not available on Saturday because that's their day of rest, so it doesn't apply to all. Then there's Google, I can't even find the the 'settings' option and it is not mentioned in any useful way in the help section of Google. Another example is that of Medical Marijuana. Many states have OK'd the use if for medical applications, but our government wants to override this and prosecute some very sick people. Even though a large number of the people want this, the US government won't even let it be acceptable to be investigated by science groups. Only groups that seem to denounce it are acceptable to the US even though our neighbor Canada uses it and had little trouble with it.
The seven previous responses went all the way from bigotry to marijuana with a lot of verbal vomit in between.
Come on guys – the blame lay with the hackers, not party-backers, priests, or pot-heads.
To me, I know it clearly, that the Chinese Communist Party is attaching me. It is state-sponsored.