Recent Gmail Attack Reportedly Targeted White House Employees
White House workers were reportedly targeted in recent attacks against Google’s Gmail service, said to come from hackers in China. The White House has not indicated who exactly was targeted, but has said that there were no official messages compromised.
A report from Devlin Barrett and Siobhan Gorman at the Wall Street Journal says:
The hackers likely were hoping the officials were conducting administration business on their private emails, according to lawmakers and security experts.
The government has acknowledged senior administration officials were targeted in the “phishing” attacks on hundreds of users of the email service. White House officials declined to discuss who was targeted.
The Obama administration reiterated Thursday that no official messages were compromised. But lawmakers and outside computer-security experts said recent White House history suggests administration officials sometimes use personal email to talk business, despite rules against doing so.
Google is currently said to be working with the Department of Homeland Security and the FBI, investigating the attack.
On June 1, Google wrote on its blog:
Through the strength of our cloud-based security and abuse detection systems*, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.
The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)
Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities.
It’s important to stress that our internal systems have not been affected—these account hijackings were not the result of a security problem with Gmail itself. But we believe that being open about these security issues helps users better protect their information online.
As you probably know, this isn’t the first time Google has been involved with China-based hacking. About a year and a half ago, incidents actually led to Google directing its Chinese domain to Hong Kong.
Earlier this week, it was reported that the Pentagon has decided that cyber attacks can be considered acts of war, a subject that will be addressed in its cyber strategy, which will be made public (in part) sometime this month. According to the Wall Street Journal, the Obama Administration is not going to raise the matter with the Chinese government until more facts become clear.
It would seem, however, that the Chinese government is raising the matter anyway. Rachel King at ZDNet is reporting that China has refuted claims that it was responsible for the incident, and is accusing the U.S. of starting a global “Internet War”. Meanwhile, neither the U.S. government or Google has pointed the finger at the Chinese government yet.