Google Uncovers Computer Attack in Gmail Service from China; Chinese Gov Denies Hack

Google Inc. uncovered a computer attack from China, which targeted prominent users of its Gmail service, potentially further complicating relations between the Internet giant and the country with the highest number of Internet users.

Source: Source: WSJ - Amir Efrati | Published on June 2, 2011

On Thursday China denied that its government had a role in recent hacking attacks against users of Google Inc.'s email service. But in recent weeks the government has acknowledged taking a more active role in policing cyberspace to provide for domestic defense.

Google said hundreds of Gmail users, including U.S. government officials, Chinese activists and journalists, were tricked into sharing their passwords with "bad actors" based in China. The attackers were able to read and forward the victims' email.

The Web search company, which has blamed China for a previous attack on the company's computer networks, said its security and abuse detection systems recently discovered that users of its popular Gmail service had fallen for what are called "phishing scams." Such exploits trick users into sharing their passwords. The campaign "appears to originate from Jinan, China" and targeted specific individuals, the company said.

The company declined to comment on the identities of the affected individuals, how it traced the attacks to Jinan or who may be behind the incident.

The goal of the hijacking campaign "seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to" get in-bound emails to be forwarded to accounts of their choosing, wrote Eric Grosse, an engineering director on Google's security team, in a post on the company's blog.

He said the company notified victims of the hijackings and secured their accounts and added that it "notified relevant government authorities."

Mr. Grosse also encouraged Gmail users to better protect their information online by using what's called a "two-step verification" when logging into Gmail so that the system can recognize the computer or mobile device from which a user is logging in, not just his or her password. The process"protected some accounts" from the China-based attack, he said.

The company has said there are more than 200 million Gmail users.

Google's decision to point the finger at China follows its disclosure in January 2010 that the company said it had been hit with a cyber attack originating from China. The attack targeted as many as 34 different companies or other entities, people familiar with the a U.S. probe of the incident have said.

At the time, Google said it had suffered a "highly sophisticated and targeted attack on our corporate infrastructure originating from China" the previous month, which it said resulted in "the theft of intellectual property." The Google said a primary aim of the attackers appeared to be to hack the Gmail accounts of Chinese human-rights advocates.

In response, Google said it would stop obeying the Chinese government's requirement to censor search results, which it had been following since its China-based Web-search site opened in 2006. China's own Internet filters now censor Google's searches

Eric Schmidt, Google's chairman, said Tuesday the company has made many improvements to its security systems since the initial attack.

"Google is massively more protected than we were a year ago," he said, during an interview at the The Wall Street Journal's "D9: All Things Digital" conference in southern California.

Mr. Schmidt said the company had discovered that "lots of other companies were attacked in similar ways," suggesting that many companies do not report such incidents. "It is better to be transparent about these things," he said.