Google Uncovers China-Based Password Collection Campaign
D H NG writes "Google announced that it recently uncovered a campaign to collect users' passwords. The campaign, apparently originating from China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists. Google said it detected and has disrupted this campaign and has notified victims and secured their accounts, as well as notified the relevant government authorities."
It isn't a data breach, Google has uncovered a campaign to steal passwords. Well done Google.
My wife's Gmail account got caught up in this! Last weekend I received some spam from _her_ gmail account. We immediately logged in and Google said that it had detected suspicious behavior and made her reset her password. It then showed us the connection log... and everything looked normal except one particular connection: FROM CHINA!
We were pissed.... but it doesn't appear that anything else was compromised (she didn't have anything sensitive in her Gmail account luckily).
Things really seem to be escalating on the 'net lately... from PS Network to Lockheed and now to Gmail. I really have to wonder if China is _actively_ participating at this point...
where the hell have you been?
"In its first formal cyber strategy, the Pentagon has concluded that computer sabotage by another country could constitute an act of war"
http://www.msnbc.msn.com/id/43224451/ns/us_news-security/t/sources-us-decides-cyber-attack-can-be-act-war/
No, just a tighter grip on "Anonymous", whoever the fuck that is.
Grammar nazis are to this community what excrements are to gold.
Password
passw0rd
123456
hunter2
I eat only the real part of complex carbohydrates.
I think this falls under that lovely "espionage" blanket. You know the "other guys" are doing it, they know that you are doing it. But everyone pretends like it isn't going on and no-one bats an eyelid in public. However, behind closed doors, this sort of action is driving yet another wedge into the relationship - but at the same time also driving more funding into your own budgets for doing a similar thing to the "other guys" yet again.
My guess is that the fallout of this will be that there will be a project launched with some funny nondescript name that tries to get similar intel on the Chinese. They will likely get wind of it, but be unable to do anything about it as there will never be undeniable proof of the point of origin.
This sort of thing went on for decades (and still does) with the US/Russians, the middle east and just about every European country. It just (mainly) never sees the light of day. The Chinese seem to be getting caught more of late though - which can mean that either they are pretty poor at it compared to the rest (dubious) or their program is a whole heck of a lot bigger and more ambitious than the other players in the game - which I think is much much more likely.
Moved to http://soylentnews.org/. You are invited to join us too!
where they won't let you use your credit card account abroad unless you phone ahead and tell them you will be abroad and it's ok if they start getting charges from bangkok or antigua
maybe it's time for email providers to do the same: "no logging into my account from foreign ip blocks unless i tell you it's ok"
and the default for this protection should be "on". your average user won't take the time to hunt for this menu item and enable it
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
The world is currently in the early stages of a great depression. The huge increase in computer crime and the revolts in arab countries are just symptoms of that.
Who said it was the Chinese government?
---- Booth was a patriot ----
If I were a hacker, I wouldn't let you track me and would always pretend to be an easy target to blame, like China. Only a fool can tell exactly where the hacker is.
Everything comes from nothing.
There is a far more obvious version of what this means:
The West is demonizing China for its population into the next cold war opponent, therefore any and all negative news about China in relation to the West will be published with reasonably big headlines.
Notably, it's not very different for the Chinese either; the same seems to be going on on their side as well.
The article says "The officials emphasize, however, that not every attack would lead to retaliation. Such a cyber attack would have to be so serious it would threaten American lives, commerce, infrastructure or worse, and there would have to be indisputable evidence leading to the nation state involved, NBC Pentagon correspondent Jim Miklaszewski said."
What that means in English is something like: If a hostile organization brought down the electric grid, or caused a meltdown in a nuclear plant, or caused airliners to crash, or did something equivalent, then that means that war is an option.
That makes sense IMHO.
"Liberals" (really "not quite evil bastards") have always resisted war on the basis of its inevitable civilian casualties. The US has avoided civilian casualties, even at the cost of missing out on really profitable wars, since the majority of Americans have resisted war's inevitable civilian casualties starting with WWI, but really after WWII: the wars in which many Americans actually saw some civilian casualties.
You, however, have never seen either war or its civilian casualties personally. Before you demand more, go see some. There's plenty in the world, including by American hands.
--
make install -not war
I use Lastpass (which got hacked recently, but my LastPass crypto password was pretty secure). I also use the Google 2 Step Authentication. Once Facebook implements this as well, I will switch immediately. I log in to most sites with either Google or Facebook. I prefer Google, because it's usually just confirming the email, whereas apps that log in to Facebook want access to data, my wall, my friends, etc. That's as stupid, imo, as an app or site asking, "Login with Google, and give us permission to read your email and send email as you."
What many people don't know is that Google has some privacy features built in if you know where to look. At the bottom of the page it says something like:
Last account activity: 4 minutes ago at this IP (127.0.0.1). Details
Click Details and you'll see:
This account does not seem to be open in any other location. However, there may be sessions that have not been signed out.
Browser * United States (NY) (127.0.0.1) 5:45 am (0 minutes ago)
Browser United States (NY) (127.0.0.1) 5:39 am (5 minutes ago)
Mobile United States (NY) (127.0.0.1) 4:03 am (1.5 hours ago)
Mobile United States (CA) (127.0.0.2) 6:19 pm (11 hours ago)
Browser United States (NY) (127.0.0.1) Jun 1 (18 hours ago)
Mobile United States (NY) (127.0.0.3) Jun 1 (20 hours ago)
Now, unless you were in CA recently (or have a proxy), this shows that someone hacked your account 11 hours ago from California.
Click the "Sign out all other sessions" button, then go change your password ASAP and enable 2 Step Authentication if you haven't already.
I8-D
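The manual check described in the comment above, as an added example that is not part of the original thread: it parses activity rows in the layout quoted there and flags sessions whose location differs from the current session's, with an allowlist for travel or a proxy. The row layout is assumed from the quoted sample, the sample rows are the ones quoted in the comment, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the activity rows quoted in the comment above.
ACTIVITY = """\
Browser * United States (NY) (127.0.0.1) 5:45 am (0 minutes ago)
Browser United States (NY) (127.0.0.1) 5:39 am (5 minutes ago)
Mobile United States (NY) (127.0.0.1) 4:03 am (1.5 hours ago)
Mobile United States (CA) (127.0.0.2) 6:19 pm (11 hours ago)
Browser United States (NY) (127.0.0.1) Jun 1 (18 hours ago)
Mobile United States (NY) (127.0.0.3) Jun 1 (20 hours ago)
"""

# Assumed layout: access type, optional "*" for the current session,
# country, (region), (IPv4), time, (age).
ROW = re.compile(
    r"^(?P<access>\w+)\s+(?P<current>\*\s+)?"
    r"(?P<country>.+?)\s+\((?P<region>[A-Z]{2})\)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+"
    r"(?P<when>.+?)\s+\((?P<age>[^)]+)\)$"
)

def parse_activity(text):
    """Turn pasted activity rows into dicts; unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["current"] = bool(row["current"])
            row["place"] = (row["country"], row["region"])
            rows.append(row)
    return rows

def unexpected_sessions(rows, expected=None):
    """Return sessions from places outside `expected`.

    With no allowlist, the baseline is the current session's place, or the
    most common place if no row is marked current. Pass `expected` to cover
    the travel/proxy case the comment mentions.
    """
    if not rows:
        return []
    if expected is None:
        current = [r["place"] for r in rows if r["current"]]
        most_common = Counter(r["place"] for r in rows).most_common(1)[0][0]
        expected = set(current or [most_common])
    return [r for r in rows if r["place"] not in expected]
```
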