Google Reveals Attack On Gmail

Hundreds of personal accounts, including those of senior U.S. government officials, are affected

Dark Reading Staff, Dark Reading

June 3, 2011

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Google this week revealed a phishing attack that targets users of its Gmail accounts, including well-known government officials.

"Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing," Google said in a blog.

"This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries ]predominantly South Korea], military personnel, and journalists.

"The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings," the blog states.

Google said it has "disrupted" the phishing campaign, notified the victims, and "secured" their accounts. The search engine giant said it has notified government authorities.

"It’s important to stress that our internal systems have not been affected -- these account hijackings were not the result of a security problem with Gmail itself," Google states.

Many security vendors and experts offered their perspectives on the Gmail attack.

"This Google attack is another example that supports the premise that if your organization has any electronically stored information that could be of value to someone or some other organization, then you should assume that an attempt to access it will be made though some type of cyber attack or social engineering attempt," said Mike Paquette, chief strategy officer at Top Layer Security.

"Phishing attacks are requiring less user intervention," Paquette said. "In fact, today, many of these attacks are no longer directly 'asking' users to provide sensitive information, but instead rely on tempting the user to click on a hyperlink, launching their Web browser to a malicious website that will remotely exploit their computer, depositing malware that will simply steal the sensitive information and exfiltrate it."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights