Google Lets You Know When You’re Being Targeted By State-Sponsored Attacks

    June 5, 2012
    Chris Crum
    Comments are off for this post.

Google announced that will start showing new warnings when it believes users’ accounts may be the target of state-sponsored attacks.

Google says it will show the warnings when it has specific intelligence, though the company won’t share what that intelligence is. The company announced this in a blog post today.

Fave blog title ever: “Security warnings for suspected state-sponsored attacks” http://t.co/mg5etHyO #smx #bondjamesbond
37 minutes ago via web · powered by @socialditto
 Reply  · Retweet  · Favorite

“You might ask how we know this activity is state-sponsored,” writes Google VP Security Engineering, Eric Grosse. “We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.”

“We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information,” adds Grosse. “And we will continue to update these notifications based on the latest information.”

Here’s what the warnings look like:

State sponosred attack warning

As you may recall, Google experienced some hacking incidents a couple of years ago, related to China, before Google ultimately pulled its search engine out of the country. Google also switched to default Https encryption for Gmail following the attacks. It later implemented this as default for signed in users on search as well.

Forbes writer Andy Greenberg writes today:

The company has been especially aware of the ongoing epidemic of state-sponsored espionage since it experienced its own major hacking incident in January of 2010, which was implied at the time to have been carried out by the Chinese government, a notion further confirmed by WikiLeaks’ leaked State Department cables. In March of that year, Google began showing users warnings when it detected suspicious behavior on their accounts. A Google spokesperson tells me those warnings will continue, and that the new “state-sponsored” attack warnings will be added as a separate alert.

Google notes that just because you see the new warning, doesn’t mean that your account has been hijacked. It just means it believes you are a target. If you see the warning, Google says you should: “create a unique password that has a good mix of capital and lowercase letters, as well punctuation marks and numbers; enable 2-step verification as additional security; and update your browser, operating system, plugins, and document editors.”

Google also says the warnings are not shown because its own systems have been compromised or because of a particular attack.

  • eroei

    Since New York Times recently reported that Stuxnet is a US State Sponsored Cyber virus – which if you recall was accidentally released into the wild and affected and attacked innocent end-user machines as collateral damage, and with the ongoing US-Israeli state sponsored cyber warfare weapons of mass destruction (operation Olympic Games) including the more recent releases of Duqu and Flame virus…. can Google clarify if through its detailed analysis as well as victim reports if Google will apply the same exacting standards and warn end-users (both in the US and abroad, example: Iranian users) of these domestic (US) state sponsored attacks as well? Even if Google was to choose to go the higher route, wouldn’t this kind of undermining and subterfuge (however unintentional) really go unnoticed by its host nation? Or are exceptions of convenience made in these cases due to the close ties that Google has with the US intelligence agencies and the confirmed but secret and classified collaboration that the Google has with the CIA and NSA in regards to GMail and Google Accounts? No doubt there is a clear conflict of interest going on here. To me this smells more like Google catering to State Sponsored Propaganda than really caring about the security and privacy of their end-users.