Google Uncovers China-Based Password Collection Campaign
D H NG writes "Google announced that it recently uncovered a campaign to collect users' passwords. The campaign, apparently originating from China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists. Google said it detected and has disrupted this campaign and has notified victims and secured their accounts, as well as notified the relevant government authorities."
So is this an act of war by China?
...What?
...air strikes?
It isn't a data breach; Google has uncovered a campaign to steal passwords. Well done Google.
My wife's Gmail account got caught up in this! Last weekend I received some spam from _her_ gmail account. We immediately logged in and Google said that it had detected suspicious behavior and made her reset her password. It then showed us the connection log... and everything looked normal except one particular connection: FROM CHINA!
We were pissed.... but it doesn't appear that anything else was compromised (she didn't have anything sensitive in her Gmail account luckily).
Things really seem to be escalating on the 'net lately... from PS Network to Lockheed and now to Gmail. I really have to wonder if China is _actively_ participating at this point...
Well, they say it's a phishing attempt, which I wouldn't lump together with a "data breach".
The real reason Google is upset about this is because China isn't paying them to get the information like everyone else. Google is pissed that China is cutting out the middle man.
Password
passw0rd
123456
hunter2
I eat only the real part of complex carbohydrates.
If only it didn't take so many clicks more people would do it.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I'm just sayin, maybe turn the LOIC on China for a bit?
I think Sony may have learned at least a partial lesson now.
-AI
For me, it is far better to grasp the Universe as it really is than to persist in delusion
"as well as notified the relevant government authorities."
"Yeah, we know.... Uh.. I mean really? Collecting passwords, you say?"
So with the recent US policy stating any hack done by a foreign body onto critical systems will be considered an act of war, will this constitute an act of war? Also, are politicians' Gmail accounts critical?
Why target South Korean officials?
I'd be very disappointed if China was feeding this information to support North Korea. At the least, I would hope China knows that Kim Jong Il is a dirtbag and would only be doing things to appease them, but not directly support them.
looking to take it hot one day. We in the west are way too complacent. It is time for western citizens to re-think what is happening.
... is this an act of war on China's part or not?
The masses - and the majority of our elected leaders and small business owners across the country - just don't know it.
It's a "soft" war(e) I suppose. No muskets involved.
where they won't let you use your credit card account abroad unless you phone ahead and tell them you will be abroad and it's ok if they start getting charges from bangkok or antigua
maybe it's time for email providers to do the same: "no logging into my account from foreign ip blocks unless i tell you it's ok"
and the default for this protection should be "on". your average user won't take the time to hunt for this menu item and enable it
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I have google in my pants.
The world is currently in the early stages of a great depression. The huge increase in computer crime and the revolts in arab countries are just symptoms of that.
They also posted crotch pics of Anthony Weiner. Did you want to see or even think about his cock? Too bad motherfucker, it's all over the news. I think I'm going to throw up.
Do you even lift?
These aren't the 'roids you're looking for.
Or how does it know what type of transaction certain users' accounts are undergoing..
I'm not sure I want Sergey and Larry to record that I deal with fattyBDSM websites.
I got an email from my own Gmail account one day last week telling me to buy fake iPads in bad English. Logged into my Gmail account, whaddya know? The same email had been sent to everyone on my contacts list. I immediately changed my password and sent everyone an apology. A few days later I received a notice from Google saying that they suspect something weird is going on because someone has logged into my account from China. I'm like, yeah, I figured that out. They didn't force me to change my password, perhaps because I'd already done it.
The actual message:
Dear:
I have good news for you . Last week.
I have Order china Quantity:26 Products New Apple 32GB IPAD2
I have completed bank payment. I have received the product New Apple 32GB
IPAD2!
w e b: www.eoaroo.com
It's amazing! The item is original, brand new and has high quality,
but it's muc cheaper. I'm pleased to share this good news with you!
I believe you will find what you want there and have an good experience
on shopping from them
Thank you!
Have any details been released? This sounds curiously like an e-mail-based phishing campaign, if the passwords weren't obtained from Gmail's own systems and they weren't exploiting a software vulnerability.
Someday, you're going to die. Get over it.
If I were a hacker, I wouldn't let you track me, and I would always pretend to be an easy target to blame, like China. Only a fool can tell exactly where the hacker is.
Everything comes from nothing.
First we thought World War 3 would be between NATO and the Warsaw Pact. After the fall of the wall, we thought that it would be war between the US and China (or maybe NATO and the SCO).
But we now can see the truth: World War 3 will be a war between Google and China.
May God have mercy on our souls.
1. Declare "cyber-crime" against the government officially a war crime.
2. Release details on a not-so-friendly foreign nation's shady online behavior.
3. Boom???
4. Profit!!
The eternal struggle of good vs. evil begins within one's self.
This happened to me but it was about a year ago. I went to check my gmail and it said it had recently been accessed from China. I immediately reset my password on every account that I had everywhere. Not that my passwords are the same, but with access to my gmail the attacker could change or find out my password for almost every site I visit. I have no idea how they figured out my password, I didn't use it elsewhere, it was a made up word, 9 digits long, with 2 numbers and a symbol in it. If they could guess that... well, I just dunno.
These people need professional advice, or common sense: Don't store highly valuable (i.e., dangerous to people's lives), confidential information on a free public webmail service!
Really, how hard is that to figure out? How many very well-publicized successful attacks has Google experienced, and they still haven't figured it out?
Do it!
Who Wanta some Wang!!!?!!?!?!!?!
Why do Chinese political activists use Gmail? There are far more secure email systems they can use. And why would military and political officials use it when they have access to government email systems, except when they don't want their emails to be read and archived for the public interest? Also, why is it only Gmail that keeps on getting attacked by the Chinese? Are they the only ones who mention it?
So Google is reading people's email, in order to warn people that the Chinese are trying to read their email?
I'd like to politely suggest that Google fuck off.
These are the same people responsible for the war on drugs, and the war on terror. Yeah, we're gonna have a war on an idea.
Thoughtcrime.
Look at China's attitude towards everything going on in the world.
The only thing China is concerned about is their own stability and economic growth.
They didn't openly pick a side in the war on "terrorism".
No reaction to the conflict in Libya, or any other conflict going on in the world.
Their only reaction was to shorten the leash on their own people. (I know because I live in Beijing).
China wants nothing to stand in the way of their growth.
They used to be North Korea's only ally; they still are. But they are now backing away from that as well, asking Kim Jong Il to stop the nuclear projects.
But still being friendly to North Korea, to not anger any side.
I don't think they will risk foreign relationships by hacking people like this. Only if they feel it is justifiable.
ICBMs, or it didn't happen!
Is anyone really surprised by this? I don't mean to cast aspersions on everyone in China but dammit if they don't have a huge right wing group of people who are hell bent on enforcing totalitarianism on not only themselves but the world at large.
And the kicker is that we have had our own group of people who viewed 1984 as a manual rather than a cautionary tale working since the 60's.
I'm sorry, but everyone who views the right wing slide as OK, you are so wrong. So very wrong.
Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
I noticed the revolting arabs too.
Err, one? http://googleblog.blogspot.com/2010/01/new-approach-to-china.html After that, gmail gained 2-factor authentication (not necessarily because of it). I honestly don't know if other popular webmail services have that, they might. Do other webmail services use https by default?
The alternative is to use the private webmail service that you wrote in-house that has had no real security testing and rely on security through obscurity. Or were you suggesting we use the paid-for version of the exact same webmail service that everyone can get for free? If you're stupid enough to fall for a phishing scam, then you'll do so no matter what it is. "Oh, but this email I got in gmail on my mac totally looked like I was running in Lotus Notes on my windows PC, so I was, wasn't I?"
Google search technology by relying on software that can simultaneously conduct a series of operations, and only a few moments to complete all operations. The traditional text search engine depends largely on the frequency appears on the page. Google uses PageRank™ Technical examination of the entire link structure, and determine which pages are most important. Then hypertext-matching analysis to determine which pages are relevant to the specific search. After considering the overall importance and query-specific relevance after, Google can be the most reliable and most relevant search results first.
I had a few clients of mine experience this over the last few weeks. It has not been pleasant to say the least! It took me almost 3-4 days to recover the "password and account" on one of the Gmail accounts that had been "flagged" (so to speak) which I thought was RIDICULOUS. I mean if you "live and die" by your email - like I do, 3-4 days would be an ETERNITY. My thoughts anyhow. Nice post!
The Nerd Blurb - If a Nerd Doesn't Know, No One Knows!
So, uh, I trust my security to... myself? Instead of someone whose job it is to keep on top of shit like this? Even my work offers webmail with their email addresses.
When will google include an option to restrict access to your account from (a) your default country (b) any other countries you add to the whitelist?
So simple, why haven't they done this already?
A couple of months back I noticed some suspicious activity in my wife's gmail account. I do not remember the exact details; it is possible that I received a mail from her account that did not make sense. When I checked the last account activity for her account, I was surprised to find that one of the IP addresses was from China. I did a reverse whois lookup and I could find the domain name, location and owner of the domain. It was decidedly from China.
We are Indians, have nothing personal to do with anything Chinese, the password was non-trivial, the machine runs genuine OS and has up-to-date virus protection. I have no idea how the password got stolen. My wife is not computer savvy, but I do not think she would ever give away her password. It must have been a brute-force attack.
Unlike democracies where the governance is amorphous by nature, China, given its Communist oligarchy, acts as a single entity. I have no doubt that the attack can be directly attributed to the Chinese Government. But why was it carried out against my wife's account? It is as disturbing as it is frightening.
After harvesting your password, they would then try to change your forwarding and delegation settings. Since this would be done from their machine, they'd face a 2-factor challenge prompt from gmail which they could not meet, unless they had also stolen your phone.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
I use LastPass (which got hacked recently, but my LastPass crypto password was pretty secure). I also use the Google 2 Step Authentication. Once Facebook implements this as well, I will switch immediately. I log in to most sites with either Google or Facebook. I prefer Google, because it's usually just confirming the email, whereas apps that log in to Facebook want access to data, my wall, my friends, etc. That's as stupid, imo, as an app or site asking, "Login with Google, and give us permission to read your email and send email as you."
What many people don't know is that Google has some privacy features built in if you know where to look. At the bottom of the page it says something like:
Last account activity: 4 minutes ago at this IP (127.0.0.1). Details
Click Details and you'll see:
This account does not seem to be open in any other location. However, there may be sessions that have not been signed out.
Browser * United States (NY) (127.0.0.1) 5:45 am (0 minutes ago)
Browser United States (NY) (127.0.0.1) 5:39 am (5 minutes ago)
Mobile United States (NY) (127.0.0.1) 4:03 am (1.5 hours ago)
Mobile United States (CA) (127.0.0.2) 6:19 pm (11 hours ago)
Browser United States (NY) (127.0.0.1) Jun 1 (18 hours ago)
Mobile United States (NY) (127.0.0.3) Jun 1 (20 hours ago)
Now, unless you were in CA recently (or have a proxy), this shows that someone hacked your account 11 hours ago from California.
Click the "Sign out all other sessions" button, then go change your password ASAP and enable 2 Step Authentication if you haven't already.
I8-D
These people need professional advice, or common sense: Don't store highly valuable (i.e., dangerous to people's lives), confidential information on a free public webmail service!
What evidence is there that the victims stored such information on public servers? A personal account with no work mails could still give enough info to compromise accounts elsewhere.
BitDefender researcher says this is exactly what he was expecting: more and more companies that keep large amounts of personal/confidential/private data being attacked.
"We believe that fraudsters are corroborating all these information (corporate hacks or leaks), malicious mobile and social network apps into creating profiles of people everywhere in the world, with the purpose of creating better social engineered attacks, and everybody is a possible victim." says Catalin Cosoi from the Online Threats Lab.
And also: "Monitoring a political personality's email (especially a personal one) can lead to a really nice profit for an attacker, no matter if he is just a hacker or a bigger organization is involved. Besides personal information, monitoring the private conversations can lead to blackmail and extortion and/or manipulation of the individual into performing different actions."
"Blaming these misdeeds on China is unacceptable," Chinese foreign ministry spokesman Hong Lei told a news briefing in Beijing, according to The Telegraph.
"Hacking is an international problem and China is also a victim. The claims of so-called Chinese state support for hacking are completely fictitious and have ulterior motives."
Here is a picture of the spokesman.
I8-D
i hate facebook, but i'll be the first to agree with you that facebook deserves praise and admiration for initiating this genius account policy. good job facebook
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Google: "We discovered a plot to hack users' accounts originating from China."
Chinese government: "We deny your claims that the Chinese government is trying to hack into Gmail accounts!"
Google: "We never said it was the government--oh SNAP!"
"Invalid username and/or password. Please enter your email password, not your LinkedIn account password"
You can try that yourself, using any dummy email address.
I saved a screenshot here.
(notice that it's not even a secure -https- page!)
Ok, I said to myself, it seems I must enter my Google password... I entered it, pressed "continue"... and two seconds later I thought:
"Wait a moment... What...? What have I done?? How can LinkedIn ask me to send THEM my Google password? Are they nuts? Am I nuts?"
I immediately went to my Google account and changed my password, just in case. But I still can't understand it.
I have several Gmail accounts, a couple I never check, so I started logging into them to see, and sure enough one of them had the alert from Google, and it looks like Turkey, Poland and Serbia all got a little action and sent e-mail messages, each with single hyperlinks, to what seem to be random people in that account's contact list. Fortunately everyone except one person no longer has/uses the addresses stored there, so they all got bounced back.
Recent activity:
Access Type (Browser, mobile, POP3, etc.)   Location (IP address)   Date/Time (Displayed in your time zone)
Browser * United States () () *:** am (0 minutes ago)
Mobile Serbia (79.175.81.24) May 28 (5 days ago)
Mobile Poland (89.73.249.63) May 13
Mobile Turkey (78.165.210.9) May 13
Alert preference: Show an alert for unusual activity. change
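The manual check described in the two activity-log comments above (open the "Last account activity" details and look for a location you were never in), as an added Python example that is not part of the original thread: it parses rows in the pasted layout and flags sessions outside an expected set of locations. The row layout is inferred from the pasted tables; the sample rows, the documentation-range IP addresses and the names `parse_row`, `review`, `SAMPLE` and `EXPECTED` are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Row layout as pasted in this thread: <access> [*] <country> [(<region>)] (<ip>) <when>
ROW = re.compile(
    r"^(?P<access>Browser|Mobile|POP3|IMAP)\s+(?P<current>\*\s+)?"
    r"(?P<country>[A-Za-z .'-]+?)\s*"
    r"(?:\((?P<region>[A-Z]{0,3})\)\s*)?"
    r"\((?P<ip>[^)]*)\)\s+(?P<when>.+)$"
)

@dataclass(frozen=True)
class Session:
    access: str
    current: bool            # True for the row marked "*" (this session)
    country: str
    region: Optional[str]    # None when absent or redacted
    ip: Optional[str]        # None when redacted
    when: str

def parse_row(line: str) -> Optional[Session]:
    """Parse one row; return None for anything that is not a well-formed row."""
    m = ROW.match(line.strip())
    if not m:
        return None
    ip = m["ip"].strip() or None
    if ip is not None:
        try:
            ip = str(ipaddress.ip_address(ip))
        except ValueError:
            return None      # malformed address: surface the row as unparsed
    return Session(m["access"], m["current"] is not None, m["country"],
                   m["region"] or None, ip, m["when"].strip())

def review(lines, expected):
    """expected: country -> set of usual regions (empty set = any). Returns (flagged, unparsed)."""
    flagged, unparsed = [], []
    for line in filter(str.strip, lines):
        s = parse_row(line)
        if s is None:
            unparsed.append(line)   # never drop unreadable rows silently
        elif s.country not in expected:
            flagged.append((s, "unexpected country"))
        elif expected[s.country] and s.region and s.region not in expected[s.country]:
            flagged.append((s, "unexpected region"))
    return flagged, unparsed

# Constructed sample rows (documentation-range IPs), not data from the thread.
SAMPLE = """\
Browser * United States (NY) (198.51.100.7) 5:45 am (0 minutes ago)
Mobile United States (NY) (198.51.100.7) 4:03 am (1.5 hours ago)
Mobile United States (CA) (203.0.113.20) 6:19 pm (11 hours ago)
Mobile Serbia (192.0.2.24) May 28 (5 days ago)
Browser * United States () () *:** am (0 minutes ago)
Alert preference: Show an alert for unusual activity.
""".splitlines()
EXPECTED = {"United States": {"NY"}}
```

Calling `review(SAMPLE, EXPECTED)` flags the CA and Serbia rows and returns the trailing non-row line as unparsed. The country and region are whatever the provider derived from the IP address, so a proxy, VPN or mobile carrier gateway can produce a flag for a legitimate session.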
This is pretty close to an act of war. If the U. S. were not so utterly deeply indebted to, dependent upon, and subservient to China, Saudi Arabia, etc., we could and would take action against this kind of attack, but our current government won't do anything but empty protests because we're afraid to upset them.
I mean, don't use any webmail at all. Use your own local mail server.
So, uh, I trust my security to... myself? Instead of someone whose job it is to keep on top of shit like this? Even my work offers webmail with their email addresses.
I think that is a valid issue (though I'm not sure what your workplace has to do with it, unless you work with top secret data). But I think it's overridden by the fact that Google and GMail are huge targets for attackers; that their service, by design, makes the confidential data accessible from any computer in the world via a web browser; that thousands of Google employees and contractors (I'm guessing at the number) have access to the data and/or physical access to the servers; and that you are putting life-and-death information in the hands of an outside company (Google).
No security consultant would recommend that design for highly valuable confidential data. That's not how the military or NSA stores its most valuable data.
They need private mail servers, with proxies and firewalls between the servers and the public Internet (and attackers), with proper security including minimized access, even for authorized users.
Let me guess? Weiner had his password stolen, and a private photo was leaked to twitter?
No, I will not work for your startup