Slashdot Mirror


Escalating Gmail/Spamming Attacks

We've been getting submissions about an uptick in compromised Gmail accounts in the last few days, but nothing that could be substantiated. Robert McMillan did a bit of digging and now reports in PC World that "Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages. The problem started about a week ago but seems to have escalated over the past few days. ... [I]n forum posts, Gmail users note that the hackers appear to be sending spam via Gmail's mobile interface — which gives mobile-phone users a way to check their Gmail accounts — and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam. ... Google says there's no Gmail bug. ... 'Spammers may sometimes use a mobile interface to access accounts they have already compromised because it's simpler for bots to use this method at large scale.'" Here's how to tell if your Gmail account has been accessed by bad guys, and what to do about it.

24 of 139 comments

  1. Recent Security Theft at Google by teknopurge · · Score: 5, Interesting

    Wasn't that google sso (Gaia) code ganked recently? Wonder if it's connected....

  2. This happened to my significant other by Polarism · · Score: 4, Interesting

    About a week ago, ironically. She had a pathetic password, so I wasn't too surprised. The upside to the story was that we contained it rapidly, and now she actually USES keepass for all her passwords. Woot! Thanks mister Romanian hacker dude.

    --
    All your base are belong to Google.
  3. They have a point by alexborges · · Score: 2, Interesting

    It makes sense bots would use the mobile interface. It's lighter so it uses less bandwidth, so more spam-per-bots == profit.

    --
    NO SIG
    1. Re:They have a point by Monkeedude1212 · · Score: 2, Interesting

      Not to mention the security on a mobile device is about as strong as a wet paper bag, I wouldn't be surprised if they managed to infect mobile devices instead of just using the mobile interface.

    2. Re:They have a point by knarf · · Score: 2, Interesting

      ah, but you did notice that Sophos is in the business of selling anti-virus software? It should not come as a surprise then that they tell you you need it on your phone. They'd try to convince you you need anti-virus on your washing machine and your microwave.

      --
      --frank[at]unternet.org
  4. actual problem is using the same password by pikine · · Score: 4, Interesting

    Apparently this happened to someone I know. She created a third-party web account (in her case, I think it's LinkedIn), entered her Gmail address, and used the same Gmail password for that account. I had to remind everyone I know that some websites *always* check to see if they can log into your e-mail with the password you supplied. Or it could be that the third-party account database was compromised. Either way, always use a different password. A lot of websites apparently store passwords in clear text, or in non-salted SHA1 or MD5 form so you can easily perform an inverse lookup.

    After she changed her password, her account is clean again.

    --
    I once had a signature.
    1. Re:actual problem is using the same password by 0100010001010011 · · Score: 2, Interesting

      Which is why I use Password Composer

      Let's say my 'password' (more of a salt) is hunter2.

      For google.com my password is: 9594ab73
      For facebook.com my password is: e288ff0e

      You don't even need to use that form, sha1 or md5 (or even doubled up) should work fine.

      md5(sha1("slashdot.org"+"hunter2")) should provide an adequately uncrackable password.
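
An added example (not from the thread and not Password Composer's code) illustrating the two comments above: why a table of unsalted SHA1/MD5 digests allows inverse lookup, and how a per-user salt with a slow KDF removes that. The sample users, the wordlist, the work factor and the `site_password` helper are constructed for illustration; the helper uses PBKDF2 in place of the md5/sha1 chain mentioned in the reply.

```python
import hashlib
import hmac
import os

# Constructed sample data: alice and bob picked the same password.
USERS = {"alice": "password123", "bob": "password123", "carol": "Tr0ub4dor&3"}
# Constructed wordlist standing in for a precomputed digest table.
WORDLIST = ["123456", "password123", "letmein"]
ITERATIONS = 100_000  # assumed work factor for this demo


def unsalted_sha1(password):
    """Weak storage from the comment: a bare, fast, unsalted digest."""
    return hashlib.sha1(password.encode()).hexdigest()


def recovered_from_unsalted(users, words):
    """Which stored passwords fall out of one digest -> password lookup."""
    table = {unsalted_sha1(w): w for w in words}  # built once, reusable
    dump = {user: unsalted_sha1(pw) for user, pw in users.items()}
    return {user: table[d] for user, d in dump.items() if d in table}


def salted_record(password):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def site_password(master, site, length=16):
    """Hypothetical per-site derivation: the site name is a public domain
    separator, so each site receives a different password from one master."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), site.encode(), ITERATIONS)
    return raw.hex()[:length]


if __name__ == "__main__":
    print(recovered_from_unsalted(USERS, WORDLIST))
    a, b = salted_record("password123"), salted_record("password123")
    print(a[1] != b[1], verify("password123", a))
    print(site_password("hunter2", "google.com"), site_password("hunter2", "facebook.com"))
```

Anyone holding one derived per-site password can still guess at a weak master secret offline; the slow KDF only raises the cost of each guess.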

  5. Breaking in? by Itninja · · Score: 2, Interesting

    Are they really 'breaking in'? If I leave a post-it on my front door that says 'key under mat', and someone uses that to get into my home, I don't believe that's 'breaking in'. So if I have a Gmail password of 'password123', and my account is compromised, can we call that 'breaking in'? Not really sure if computer crime is analogous in this way. Trespassing maybe...

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    1. Re:Breaking in? by Mashiki · · Score: 2, Interesting

      My other gmail account just got yoinked and I'm in the process of recovering it. This account is just fine at least right now. I use alphanumerics mixed with upper and lower case. And a unique pass on each account. Something...odd is going on.

      --
      Om, nomnomnom...
    2. Re:Breaking in? by plf5403 · · Score: 5, Interesting

      My Gmail account was accessed by the Amazon EC2 cloud about a week ago. (http://aws.amazon.com/ec2/) I have an 18 character upper/lower/numeric/special character password so I'm guessing it wasn't a dictionary attack. "Something" odd is definitely going on. I changed the account password as soon as I was alerted to the unusual IP and have been OK since, but I'm watching the access IPs like a hawk now. And no, I don't use this password for any other web site or application.

  6. Where are your filters now? by damn_registrars · · Score: 4, Interesting

    Can your filters respond to an avalanche of spam from an increasing number of throw-away email accounts when it is relayed by legitimate email servers? Can your filters handle spam email that changes body, subject, header, relay, and source address? How much time are you putting into these filtering configurations to do that?

    Maybe it is time to start thinking about how to actually address the spamming problem now, instead of just dealing with the spam itself. Your filters aren't going to help you forever...

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:Where are your filters now? by damn_registrars · · Score: 2, Interesting

      Maybe it is time to start thinking about how to actually address the spamming problem now, instead of just dealing with the spam itself.

      Except that many did, and those solutions were dismissed because they won't work.

      First, your assertion of "they won't work" is false. Groups have managed to disconnect botnets from their controllers during spam floods, and that does effectively stop spam from being sent. It is far more effective than any filter could ever hope to be at reducing spam-driven network traffic. And when people start pooling their resources to take the proper steps to remove spammers from their profit motives, we will see the real difference.

      And second, are you actually trying to either defend scaling up filters (in an endless arms race) until the end of time, or are you suggesting instead to do nothing at all (which is equally as useful)?

      If people want to actually stop spam, they can't just keep updating filters. Because sticking to filters only increases the cost of spam for everyone.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  7. This happened to a family member . . . by pacergh · · Score: 3, Interesting

    And I reviewed her security protocols. She has a Mac and uses Firefox or Chrome exclusively. This leaves out attacks based on Microsoft security holes (un-updated Microsoft installations, etc).

    She visits sites while still logged into Google. I wonder if there is some way to do that. The only other thing I can think is that she used her email address to create an account at a compromised or fake website and used that email account's password as the account password.

    Nevertheless, I can confirm the unauthorized access was through the mobile interface. In fact, the access point was Portugal.

    The only other thing I can think of is somehow her use of Google's software for accessing her email or syncing her calendar through her iPod Touch might have been compromised. Then again, she only connects to the network here. (Unless she left it roaming.)

    On a side note, GMail, by default, does not require an SSL connection. I wonder if anyone who was hacked had their settings set to require that.

    Anyway, the point is that Google's assertions that accounts are compromised is bogus. If my family member's account was compromised, it was because of an insecurity in Gmail. Either browsing while logged into Google, or by not requiring an SSL connection to access Gmail, I don't know -- but I feel confident the insecurity was not the typical social engineering or browser/chat hole.

    As some have said above -- Gotta love the Cloud!

    I think I'll keep predominantly to old-fashioned email. After all, Google went and picked a fight with the Chinese. Maybe it isn't state-sponsored hacking, but that doesn't mean it's not Chinese hacking.

  8. Happened to one of my accounts as well by RootWind · · Score: 3, Interesting

    This happened to a gmail account that I use specifically just to auto-forward e-mails. I never log-in to it since all it does is forward, and it had a pretty secure password. I would imagine a spammer wouldn't just brute-force random accounts?

  9. Funny by vikingpower · · Score: 2, Interesting

    A rapid scan shows that most of those who, here on this page AND are complaining about or admitting to having gmail accounts hacked, are within the US. I am in Austria, and know of no compromised accounts whatsoever - friends, acquaintances, etc. etc. Although the Serbian hackers are damn close... Coincidence ?

    --
    Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  10. GMail's Security is Crap by virb67 · · Score: 5, Interesting

    Gmail's security sucks and its customer service is non-existent. Try getting Google to respond to your attempts to regain control of your own gmail account after it's been hacked.

    My friend had her gmail hacked recently. The hackers locked her out, changed her private info, and then sent this email to every single one of her contacts:

    "i'm sorry for this odd request because it might get to you too urgent but it's because of the situation of things right now,We are stuck in london right now,we came down here on vacation ,we were robbed, worse of it is that bags, cash and cards and cell phone were stolen at GUN POINT, it's such a crazy experience for us, we need help flying back home, the authorities are not being 100% supportive but the good thing is that we still have our passport but dont have enough money to get on a plane back home, and i need you to loan me some cash just to complete the ticket fee till we are back home to refund it back to you,i'm dead serious about this.hope to read back from you asap."

    The hackers then sat logged-in to her account pretending to be her, and chatted with her contacts via gmail chat begging them to Western Union cash ASAP.

    Over the course of many hours, we tried to regain control of the account via Google's automated system, but we were repeatedly denied. There was no way to contact an actual human being at Google. After a day of pleading on Google forums, control was finally returned to the account's rightful owner, but the damage was already done.

    Google encourages people to trust gmail with their most sensitive personal data. I think their negligence and lack of response regarding their own products' defects borders on criminal.

  11. Recovery Options Slim to None by rothstei · · Score: 4, Interesting

    Happened to my spouse. Password was more than eight characters, letters, numbers, etc. but I think her work is the likely vulnerability (these free screen savers are great!) No more of that now, obviously. The awful part was trying to get the account back. Because of Gmail's "Swiss Bank Account" set up, there is no way to prove you are the real user. She lost access to Email, Docs, Calendar. She just kept filling out the form, and getting rejected. Google advises to set a security question, but that was the second thing changed, after the password. Only after filling out the form over and over for 10 days, was she finally judged to be "real", and her password was reset. For the cloud to take off, there has to be a better structure. A local admin structure? If we were going to start using Google products again fresh, I would sign us up for a free Apps domain, and then give us each user accounts. (When I first signed up for free Webmail, not only did I not know my spouse, I had no idea much of our data-lives would eventually be linked to the account.) That way, if anything untoward happens, I can login as admin from home and reset the accounts. Unfortunately, I don't think there's a way to link personal accounts into an Apps set up. Not yet anyway (crossing fingers). My other work around is that I set up a proxy double email account, to which my real address forwards everything. If for some reason I need to read my email from an unsecured computer, I log in to the proxy account, where I can read copies of all my mail. If it's compromised, I cut it off from the actual account faster than a zombifying limb. Still not a great solution, because all my mail is compromised, but at least I don't lose control of my email address and the rest of my Google account.

  12. compromised by echostorm · · Score: 3, Interesting

    I seem to have been compromised by Chinese mmorpg gold farmers. They even send their sent mail to the trash, which I find interesting. They have sent over 15 emails already in the past 4 hours advertising the site: www.Mmop.com from ip 58.20.79.212. What is most interesting about this is the fact that the password on this account isn't exactly what I would call easy to guess, and has to have been lifted from another site or source.

  13. /me too by self+assembled+struc · · Score: 2, Interesting

    happened to me on sunday. and six other friends. 25 people i know since sunday have gotten hit as well.

    obnoxiously there's no way to report the incident to google. all the help stuff is self-serve and the "send feedback" link is a closed beta.

    i had a 28 character password of numbers, letters (upper and lower case) and punctuation that I only used for gmail, so it's highly doubtful they were able to guess at that.

    somehow i feel like this is linked to the theft of their security software

    1. Re:/me too by Anonymous Coward · · Score: 1, Interesting

      Instead of starting my own me too I'll just respond to one. I was hit as well. Incidentally, it was on a gmail account I go to paranoid lengths to keep secure. It was on my gmail account I specifically use for my online banking, broker account, etc. I've never sent a single email on it. The password was 20 characters long of random characters, letters, and upper and lower case. The password was not in any way related to any other password I use. Also, I only ever log into this account from an old, tightly secure linux box that I use only for paying bills online and accessing electronic banking--never for general web browsing or anything else at all. I disable wireless on every computing device I own. I have never shared my password either or written it down. Most people say I go to paranoid lengths with computer security and even I was hit. I really have no idea how I was hit. I even use ad block, no script, flash block, and always type in the URL to any site I go to on that box.

  14. Re:Got mine too by Jahava · · Score: 4, Interesting

    This type of thing happened to a friend of mine. At 1 in the morning I got an e-mail from him advertising Viagra. After some decent analysis we concluded that his illegal copy of Windows 7 was probably to blame. My belief is that the ISO came with a rootkit gratis.

    I'm writing this half as a "me-too" and half as a note of caution ... illegal operating system downloads are probably the easiest way someone can infect you. If you're running under such a configuration, I'd re-evaluate the cost ... or consider a better option :)

  15. Interesting choices in software by griffinme · · Score: 2, Interesting

    From the page where Google talks about keeping your account secure....
    "We can tell you, though, that trying all of these programs often makes a difference, as does having the latest versions.

            * Google Pack - Norton Security Scan, Spyware Doctor
            * Kaspersky Free Virus Scan
            * Spybot Search and Destroy
            * Lavasoft Ad-Aware
            * MacScan"

    Norton is not part of the Google pack. Besides, when did it become a good idea to run more than one anti-virus? I always thought that was a good way to cause problems with them fighting each other over a virus.
    From the Google Pack page...

    "Learn more about Google Pack Software

            * Google Chrome Web Browser
            * Google Apps
            * Google Earth
            * Google Toolbar for IE
            * Spyware Doctor with Anti-Virus
            * Google Desktop
            * Picasa
            * Adobe Reader
            * Firefox with Google Toolbar
            * Google Talk
            * Skype
            * RealPlayer"

    What is interesting is that it includes Chrome and Firefox. It is nice to see them recommending Spybot. It has long been a favorite of mine that seems to have lost some of its popularity over the past year or two. On the other hand, they have RealPlayer in the Google Pack and I have despised them for ages.

    --
    Is he strong? Listen bud, He's got radioactive blood.
  16. GMail has always had extremely lax security by green1 · · Score: 2, Interesting

    Although this isn't directly related to this particular occurrence, I think Google has some serious security issues to deal with on the entire gmail platform. I am a forum admin, and I find that the vast majority of spammers who sign up for accounts do so with a gmail account. Most of these appear to be bots, they are only marginally slowed down by our captcha, so I suspect they have no trouble with google's either. The fact that such a large percentage of the spam comes from accounts set up through gmail tells me that spammers find it to be the easiest email system to break in to with automated tools.
    If I had the option I would simply ban all registrations from gmail accounts, it would eliminate the vast majority of our forum spam. Unfortunately though too many of our legitimate users also use gmail accounts.

  17. happened to my better half by outdated · · Score: 2, Interesting

    she clicked on a link sent by one of her friends, and it asked for her gmail password, which she duly filled in.
    Luckily for her, she was online on gmail when the hacker started sending mails and phishing links to her other friends,
    and we immediately changed the password, and forced signed out all other sessions [yes, that little feature on gmail recent login details came in handy.]

    The account is safe now, and more importantly.. she learned her lesson, not to give away her passwords to any random site.