Thursday, June 7, 2012

INTERNET - Google Warning for GMail Users

"Google to warn users targeted by state-sponsored attacks" by Josh Rogin, Foreign Policy 6/5/2012

UPDATE: A senior Senate aide confirmed that this evening he received a warning on his Gmail account that Google suspected he had been the target of a state-sponsored cyber attack.

Web giant Google is about to announce a new warning informing Gmail users when a specific type of attacker is trying to hijack their accounts -- governments and their proxies.

Later today, the company will announce a new warning system that will alert Gmail users when Google believes their accounts are being targeted by state-sponsored attacks. The new system isn't a response to a specific event or directed at any one country, but is part and parcel of Google's recent set of policy changes meant to allow users to protect themselves from malicious activity brought on by state actors. It also has the effect of making it more difficult for authoritarian regimes to target political and social activists by hacking their private communications.

"We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users' accounts unauthorized. When we have specific intelligence -- either directly from users or from our own monitoring efforts -- we show clear warning signs and put in place extra roadblocks to thwart these bad actors," reads a note to users by Eric Grosse, Google's vice president for security engineering, to be posted later today on Google's Online Security blog, obtained in advance by The Cable. "Today, we're taking that a step further for a subset of our users, who we believe may be the target of state-sponsored attacks."

When Google's internal systems monitoring suspicious internet activity, such as suspicious log-in attempts, conclude that such activities include the involvement of states or state-backed initiatives, the user will now receive the specialized, more prominent warning pictured above. The warning doesn't necessarily mean that a user's account has been hijacked, but is meant to alert users that Google believes a state-sponsored attack has been attempted so they can increase their security vigilance.

Google wants to be clear they are not singling out any one government for criticism and that the effort is about giving users transparency about what is going on with their accounts, not about highlighting the malicious actions of foreign states.

"If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account," Grosse writes. "You might ask how we know this activity is state-sponsored. We can't go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis -- as well as victim reports -- strongly suggest the involvement of states or groups that are state-sponsored."

Google insiders told The Cable that Google will not be giving out information on which governments it sees as the most egregious violators of web privacy. For Google, the new initiative is not an effort against governments but a way to help its users defend and protect themselves.

Users who click through the new warning message will be directed to a page that outlines commonly seen security threats and suggests ways users can immediately raise their level of security on Gmail.

"We're constantly working to prevent harmful activity on our services, especially attempts to compromise our users' information," the insider said. "The primary message is: we believe that you're a target so you should take immediate steps to protect your account."

The new announcement comes only days after the company said they would alert users in mainland China when they use search terms that are likely to be censored by the Chinese government. According to another of Google's official blogs, that move was meant to improve the search experience for Chinese users by allowing them to avoid terms that would result in stalls or breaks in their search experience due to government filters.

For example, Google said that searching for the character for "river," which is "jiang" in Chinese, causes technical problems for Chinese users. The same character is also used in the search for former Chinese President Jiang Zemin.

Google didn't specifically mention Chinese censorship in its notice about Chinese search terms, apparently in an effort not to antagonize the Chinese government any more than necessary. Google and Beijing have been at odds since 2010, when the company announced it would no longer censor search terms on Google.cn and moved the bulk of its Chinese operations to Hong Kong.

That move followed a series of Gmail attacks in 2010, directed at Chinese human rights activists, which were widely suspected to be linked to the Chinese government. Following those attacks, the government-controlled People's Daily publicly accused Google of being an agent for U.S. intelligence agencies.

While last week's announcement and this week's announcement are both being presented by Google as user-based initiatives not directed at foreign governments, Google CEO Eric Schmidt has been speaking out publicly and forcefully in recent months about the potential negative role governments can play in circumventing internet freedom.

"While threats come from individuals and even groups of people, the biggest problem will be activities stemming from nations that seek to do harm," he said in London last month.