Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Sends State-Sponsored Hack Warnings To Journalists and Professors (ibtimes.co.uk)

Posted by msmash on from the what's-happening dept.

An anonymous reader shares an IBTimes report: Numerous journalists and professors are taking to social media to report that they have received an alarming message regarding state-sponsored hacking when accessing their Gmail or other sites that use their Google account. Journalists who received the warning include Nobel Prize-winning economist and New York Times columnist Paul Krugman, New York magazine's Jonathan Chait, Politico's Julia Ioffe, GQ's special correspondent Keith Olbermann, Vox's Ezra Klein, Yahoo News' Garance Franke-Ruta, and one of President Barack Obama's former speechwriters, Jon Lovett. The warning says, "Google may have detected government-backed attackers trying to steal your password." These warnings are being sent by Google since 2012 but Twitter has erupted with a flurry of people in the media and academic community receiving this in the past 24 hours.

69 comments

  1. Government Sponsored? by Sartr · · Score: 0

    So Google actually knows who is paying for the attacks? How do they know this for sure? Maybe they should share this extremely important information with the public, instead of with Liberal journalists? And what does Russia care about Paul Krugman? He's the idiot that predicted the stock market would tank and never recover after Trump was elected. There's nothing of strategic national value in his email account. Hackers from foreign nations want nuclear codes, bank info, corporate secrets, and technical plans. They don't need propaganda from the MSM.

    1. Re:Government Sponsored? by Anonymous Coward · · Score: 0

      You have no actual information to base your comments on. Google has not chosen to share with you the details of how they got this information, for reasons mentioned in the article, but it's highly unlikely that they would send such notifications without having a pretty high confidence factor in it. Arguing about why Russian hackers would want to attack one particular target is meaningless; the lists of targets are probably quite broad, not necessarily particularly well chosen, and probably contain plenty of individuals who may not actually be particularly valuable marks. Doesn't mean anything.

    2. Re:Government Sponsored? by Anonymous Coward · · Score: 1

      So Google actually knows who is paying for the attacks? How do they know this for sure?

      They bump into the agents coming in and out of the data rooms.

    3. Re:Government Sponsored? by kwzombie · · Score: 1

      It's all about motivation. Every time they hack a reporter they get a ration coupon for a bottle of vodka.

    4. Re:Government Sponsored? by swb · · Score: 4, Insightful

      It's more reasonable than you think.

      Do you think that Google has a completely ignorant security team? That they don't have access to internal experts in global routing and traffic analysis? They wouldn't have an internal databases of known hacking sources, methodologies and heuristics and means of tracking command and control?

      They may not have a signed invoice for the person paying for the attacks, but they likely can make really, really informed estimates.

      Krugman's value isn't the accuracy of his economic predictions, its his public status as the economist to the liberal elite. He's a major opinion leader whose academic status gives him significant public credibility. And they may not even care about that primarily, what if you hacked his account and found evidence of collusion with Democratic politicians? Even if it wasn't active political collision but only non-partisan advice being solicited and given, how hard would that be to turn into click-bait propaganda?

      Even if access only gave you the ability to predict his columns, it may be enough evidence to create timely counter-propaganda via a competing analysis, discrediting his sources or other means. This could be used against the Democrats generally or against candidates specifically to influence internal debate or power struggles inside a party.

    5. Re:Government Sponsored? by Anonymous Coward · · Score: 0

      Neither do we, so why is this on Slashdot? Why was the CNN article misquoting a computer scientist/s about election fraud worthy of being posted? It's clear some people will be in a rubber room by the time Trump gets sworn into office.

    6. Re:Government Sponsored? by Rockoon · · Score: 3, Interesting

      Have you not noticed that ever since Trump won the election, the hacks stopped being from "Russia" are started being "State-sponsored" and from a "Nation-state" ?

      There is one nation-state with the most incentive to influence our elections and hack its "prominent" people, and it isnt Russia. Its America.

      --
      "His name was James Damore."
    7. Re:Government Sponsored? by guruevi · · Score: 1

      Most likely this is a large scale attack on thousands of e-mail accounts and there is some sort of threshold where Google no longer considers it likely that it was an individual person. However as we've seen with the DynDNS attacks, it doesn't take much to get major infrastructure on it's knees.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    8. Re:Government Sponsored? by swb · · Score: 1

      FWIW, I'm not even sure I believe that "state sponsored" is even meaningful anymore. It implies a sense of sanctioning, cohesion and coordination involving government political leadership and sanctioned organizational implementation.

      I think we have something closer to a free for all where those with the abilities and resources are taking their own initiative and even if they are operating under the cover of legitimate authority are executing self-authorized and perhaps even personal agendas. I won't even exclude independent, non-governmental actors seeking outcomes not aligned with any coherent government policy

    9. Re:Government Sponsored? by GameboyRMH · · Score: 1

      And what does Russia care about Paul Krugman? He's the idiot that predicted the stock market would tank and never recover after Trump was elected.

      Give him a chance to be inaugurated and state his plans, the magic 8-ball in Trump's head is still settling.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    10. Re:Government Sponsored? by Anonymous Coward · · Score: 0

      They would have a hard time, because apparently only the Russians know how to hack, what would they do hire a team of Russians to do the hacking for them?

    11. Re:Government Sponsored? by AHuxley · · Score: 1

      Recall how fast the "news" about the BEAR methods spread in the media by security contractors.
      Now that other a lot of other nations or groups seen in networks, everything is much more secret.
      Strange how some methods get to the media so quickly yet security holds so well when its other nations or groups...
      So what other nations, groups, people have been traversing some US networks for a while and why cant contractors talk about methods so quickly?

      --
      Domestic spying is now "Benign Information Gathering"
    12. Re:Government Sponsored? by Darinbob · · Score: 1

      There is a lot of evidence that it is encouraged at the very least by the Russian government even if it not directly controlled by the Kremlin. There are a lot of Putin followers hoping to make their leader happy by hacking his enemies. Whether it be Estonia, Ukraine, or America, there's a pro-Putin hacking community that springs into action to defend Putin's stances. And they're not just a dictator oriented variant of Anonymous doing DDoS attacks, some of them are quite skilled.

      The snag is proving a direct connection. After all we had actual Russian soldiers in good standing invading Ukraine, but apparently they were technically on vacation according to Putin, never mind that they were doing exactly the actions that he wished happened ("who will rid me of this troublesome priest?"), so there was never "proof" even though Crimea ended up being stolen. It is very likely that something similar is happening in cyberspace even if Putin is not giving direct orders.

  2. Strange. by Anonymous Coward · · Score: -1

    Their names all sound Jewish. I wonder if this means something.

    1. Re:Strange. by Anonymous Coward · · Score: 0

      It could be a coincidence, but it's more likely a vast and most excellent conspiracy to keep you and your overweight friends in your mom's basements so your filthy sub-human traits can exit the gene pool for good, ciao baby.

    2. Re:Strange. by Cryacin · · Score: 1

      New World order based out of Kazakhstan for sure. It's a very nice.

      --
      Science advances one funeral at a time- Max Planck
  3. Have an unhappy Thanksgiving by Anonymous Coward · · Score: -1

    Now go fuck yourselves

  4. Social media is not social networks by Anonymous Coward · · Score: 0

    "Numerous journalists and professors are taking to social media"

    No they are posting to social networks!

    1. Re:Social media is not social networks by Rockoon · · Score: 1

      No they are posting to social networks!

      You mean web-based bulletin board systems?

      --
      "His name was James Damore."
    2. Re:Social media is not social networks by Mashiki · · Score: 1

      Don't worry. It doesn't matter, when you have the CEO of a company -- in this case reddit turning around and changing posts because he threw a hissy fit. I'm now waiting for the same to happen with Facebook. Twitter is already burning themselves out, so no need to worry on that front.

      --
      Om, nomnomnom...
  5. hey, foreign spooks... just buy a paper, OK? by swschrad · · Score: 1

    or subscribe online if you can't get out of Mommy's basement any more.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  6. cost / benefit by ooloorie · · Score: 2, Insightful

    but it's highly unlikely that they would send such notifications without having a pretty high confidence factor in it

    Really? Why? Do you think Google or Facebook are any more credible than Exxon or Monsanto? These are big corporations; they will say whatever furthers their agenda. As long as it's legal, that's their right, but that doesn't mean that you need to turn into a gullible fool.

    There is almost no cost associated with them for blaming "state-sponsored actors" wrongly: it's not a claim that they can be held legally responsible for, there is no possibility of libel charges, and it doesn't even hurt them in terms of public opinion or trust. At most they'll look a bit overly cautious.

    But there is a lot of benefit associated with making such a claim regardless of evidence: both companies are heavily in bed with the Democrats, and this kind of notice ingratiates them to the Democratic party establishment.

    1. Re:cost / benefit by Anonymous Coward · · Score: 0

      Yes I for one feel that Google is far more credible then either Exxon or Monstanto (and Facebook for that matter). Not that I necessarily disagree with what you write.

    2. Re:cost / benefit by smallfries · · Score: 1, Flamebait

      You have an interesting style of argument and a fresh uid. Rather than argue by providing a reason for why Google would do this in poor faith you simply smear them and insinuate some form of collusion. Whose sockpuppet are you?

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    3. Re:cost / benefit by Anonymous Coward · · Score: 0

      This is a discussion about trusting Google. The onus is on those saying Google should be trusted on their word alone to prove they deserve any trust.

    4. Re:cost / benefit by smallfries · · Score: 0

      Same tactic from an AC immediately after the sockpuppet is criticised for it. Do you guys follow a flowchat? It must be a lot like working in a callcentre, no?

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    5. Re:cost / benefit by Sartr · · Score: 0

      Everyone who disagrees with me is being paid as part of a secret evil conspiracy! Wonderful persuasive argument yourself there, chief.

    6. Re:cost / benefit by ooloorie · · Score: 1

      Rather than argue by providing a reason for why Google would do this in poor faith you simply smear them and insinuate some form of collusion.

      I didn't "insinuate" anything. It's an established fact that Facebook and Google, as well as their owners, are strong supporters of the Democrats, and I'm pointing out that these "notices" are consistent with their political biases and economic self-interest. I'm also pointing out that it should be clear that Google has no objective basis on which to determine whether a hack is perpetrated by a "state actor" or not.

      Whose sockpuppet are you?

      Do some reading.

    7. Re:cost / benefit by ooloorie · · Score: 1

      Same tactic from an AC immediately after the sockpuppet is criticised for it. Do you guys follow a flowchat? It must be a lot like working in a callcentre, no?

      Actually, we're all part of the Vast Right Wing Conspiracy! You should see the kinds of monthly checks we receive from the Koch Brothers!

    8. Re:cost / benefit by another_twilight · · Score: 2

      Do you believe that Google has the data and competence to analyse that data to identify patterns that can distinguish (with high confidence) the difference between a state actor and a hacking/private group?

      If so, then Google has either deliberately lied or ... what?

      Your argument then seems to be that Google has lied to some users (either about an attack existing at all, or about the source of an attack) to ingratiate themselves with the Democrats. I'm not from the US, so I might be missing something, but that sounds ridiculous. Sure, some members of Google (maybe even most) vote a particular way, so you may be able to argue that they favour one party, and maybe their personal political leanings might inform or influence corporate policy (the "agenda" as you ominously call it) but how is _this_ evidence of that?

      Sounds like confirmation bias on your part (senior Google employees/owners favour Democrats, therefore all of Google's actions are designed to help that party).

      There are a number of (non-political) reasons that Google might inform users of the possibility of state-sponsored attacks. Your suggestion that this might be politically motivated is, frankly, silly.

    9. Re:cost / benefit by ooloorie · · Score: 1

      Do you believe that Google has the data and competence to analyse that data to identify patterns that can distinguish (with high confidence) the difference between a state actor and a hacking/private group?

      No, they do not have the data to distinguish between the two.

      Your argument then seems to be that Google has lied to some users (either about an attack existing at all, or about the source of an attack) to ingratiate themselves with the Democrats. There are a number of (non-political) reasons that Google might inform users of the possibility of state-sponsored attacks. Your suggestion that this might be politically motivated is, frankly, silly.

      I didn't say that their message was "politically motivated" or that they "lied", both of which would require conscious deception or that the statement is absolutely false. The problem with the statement is that it is being made against the background of a Democratic conspiracy theory in which Putin has supposedly been aiding Trump to win the election, and against that background, it is irresponsible to make such a statement. A politically neutral and responsible company would have worded their statement more carefully; but Google and Facebook are more than 90% Democratic and they benefit from good relations with the Democrats, so they simply have no interest in being careful in what they say in order to avoid giving the impression that they are providing support for Democratic conspiracy theories.

    10. Re:cost / benefit by smallfries · · Score: 2

      Literally receiving the Kock?

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    11. Re:cost / benefit by smallfries · · Score: 1

      Ah ha. Yup. So don't actually argue against what I've written - just throw mud to try to discredit my views. Hmmm, bit similar to the previous two messages, eh? Maybe the "secret evil conspiracy" is actually just a common form of retardation?

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    12. Re:cost / benefit by smallfries · · Score: 1

      You have not made an argument that sending out these notification is consistent with their political biases or their economic self-interest.

      Please do so, it would be interesting to read.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    13. Re:cost / benefit by ooloorie · · Score: 1

      You have not made an argument that sending out these notification is consistent with their political biases or their economic self-interest.

      Really? You don't understand how "liberal journalists have their accounts hacked by 'state actors'" plays into Clinton's confabulation of "the DNC got hacked by 'state actors' in order to hand Trump the election"? I suggest you just reflect on that a bit more.

    14. Re:cost / benefit by ooloorie · · Score: 1

      Literally receiving the Kock?

      Awww, how cute! Your little homophobic mind thinks that that amounts to some kind of clever response!

      Actually, the Koch brothers are straight. But they were pretty nice looking in their youth, and as smart, socially liberal, MIT-educated engineers they would have been a good catch.

    15. Re:cost / benefit by smallfries · · Score: 1

      Oh no - I think you misunderstand. I follow your logic as a suggestion that it could be interpreted that way. But I don't see any evidence that you have presented that forms an argument that is what has happened. Could you reflect on the difference, perhaps?

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    16. Re:cost / benefit by smallfries · · Score: 1

      Did you infer some sort of negativity and assume that I had implied it? Gosh, I think that is a demonstration of your homophobia rather than mine.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    17. Re:cost / benefit by ooloorie · · Score: 1

      I think you misunderstand.

      I think you misunderstand: I'm saying that the reason that you "don't see any evidence" is entirely a problem with you. I can't fix your mental problems for you.

    18. Re:cost / benefit by smallfries · · Score: 1

      So you have presented no evidence, and you claim that because I don't see the evidence that you have not presented it is a mental issue? Must be one of the bad ones like "logic", or "reason". Be thankful that you do not suffer from them.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    19. Re:cost / benefit by ooloorie · · Score: 1

      So you have presented no evidence

      Correct. I presented an argument, not evidence:

      It's an established fact that Facebook and Google, as well as their owners, are strong supporters of the Democrats, and I'm pointing out that these "notices" are consistent with their political biases and economic self-interest. I'm also pointing out that it should be clear that Google has no objective basis on which to determine whether a hack is perpetrated by a "state actor" or not.

      I leave it to you to verify the facts that I refer to yourself, it's easy enough to do. You're welcome to use "logic and reason" to attack my argument; so far, you haven't.

    20. Re: cost / benefit by Anonymous Coward · · Score: 0

      Not a google fan (or an apple fan for that matter), but your "guilty till proven innocent" methodology is not fair.

  7. Diceware by Anonymous Coward · · Score: 0

    People in sensitive positions should use randomly generated passwords such as Diceware.com suggests. Anything less secure is irresponsible.

    1. Re: Diceware by Anonymous Coward · · Score: 0

      i know i do.

  8. why bother? by ooloorie · · Score: -1, Troll

    I can't imagine why anybody would bother to hack Krugman's or Olbermann's accounts. It's not like you could expose them to be Democratic party hacks, we already know that they are. And if they actually knew much about politics or economics or had significant insider information, they wouldn't be constantly wrong. Trump and the Republicans don't consider these "liberals" adversaries, they consider them a gift from heaven: they couldn't hope for better caricatures of the Democrats and progressives.

    1. Re:why bother? by Zocalo · · Score: 3, Insightful

      Maybe the purported state-sponsored hackers are not so much interested in what the likes of Krugman or Olbermann write, but in what the people they are corresponding with are writing?

      --
      UNIX? They're not even circumcised! Savages!
    2. Re:why bother? by ooloorie · · Score: 1

      Maybe the purported state-sponsored hackers are not so much interested in what the likes of Krugman or Olbermann write, but in what the people they are corresponding with are writing?

      As I was saying "[if they had] significant insider information, they wouldn't be constantly wrong".

      What have Krugman or Olbermann ever written that suggests that Podesta, Clinton, or anybody else has shared anything more substantial than vegan cookie recipes with these guys?

    3. Re: why bother? by Anonymous Coward · · Score: 0

      Yes.

      The latest round of e-mails, sent out on November 8 and 9, "were sent in large quantities to different individuals across many organizations and individuals focusing in national security, defense, international affairs, public policy, and European and Asian studies," Adair wrote. "Two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis into the elections. Two of the other attacks purported to be eFax links or documents pertaining to the electionâ(TM)s outcome being revised or rigged. The last attack claimed to be a link to a PDF download on 'Why American Elections Are Flawed.'"

      http://arstechnica.com/security/2016/11/russian-hackers-throw-trump-victory-party-with-new-spear-phishing-campaign/

      http://arstechnica.com/security/2016/11/google-warns-journalists-and-professors-your-account-is-under-attack/

  9. Phase 3. by allcoolnameswheretak · · Score: 1, Interesting

    After hacking the DNC and hacking voting machines to win Putin buddy Trump the election, they are now moving against the people who might have the interest or power to report on the background on what is happening in the USA in these very troubled times.

    I guess they are trying to dig up dirt to blackmail people.

    Don't underestimate the power of Russian Intelligence Services. Numerous reports cite Russian hackers are the best in the world and their very president is a former KGB agent.

    1. Re:Phase 3. by Anonymous Coward · · Score: 0

      Numerous reports cite Russian hackers are the best in the world

      Fake news again. The best hackers in the world are American.

      You know who has the most motive to influence American elections? Americans.

      You know who slurped up all of Clinton's e-mails, all of the DNC e-mails, all of everything that's been leaked, and stored that in their data warehouse in Utah?

  10. wait a bit before panicing by Anonymous Coward · · Score: 0

    This sounds like something based on a heuristic on Google's side, so they may have pushed a bad binary yesterday and left for the holiday. Programmers love to pull that garbage.

    Meanwhile everyone should be getting U2F tokens regardless. They are excellent.

  11. After Sources by Anonymous Coward · · Score: 0

    Most of the time, they could care less about the journalists. They are already an open book.

    They want their sources of information, and methods of receiving and verifying said information.

    2 reasons:

    1) Stop leaks
    2) Inject incorrect information into the stream, having it republished as authoritative.

    This may not be Russia. The people most likely to benefit from this are the various US/UK TLAs.

  12. Turkey by Impy+the+Impiuos+Imp · · Score: 2

    "Besides the NSA, CIA, FBI, and confederate agent operatives embedded in same for both major parties, that is."

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  13. They already know about the NSA by Anonymous Coward · · Score: 0

    no need to inform them.

  14. Can we at least speak the same language? by reboot246 · · Score: 2

    "These warnings are being sent by Google since 2012 . . . "

    No, it should be:
    These warnings have been being sent by Google since 2012 . . .

    Please learn to write or don't call yourself a writer.

    1. Re:Can we at least speak the same language? by Anonymous Coward · · Score: 1

      You think people who re-post news on a social news site refer to themselves as "writers" I think you might be confusing us with professional journalists... also if you want to get pedantic "have been being" is fucking terrible, it should be "Google have been sending these warnings since 2012".

    2. Re:Can we at least speak the same language? by Anonymous Coward · · Score: 0

      Im a righter, I red you're idea's to and their definately good ;)

    3. Re:Can we at least speak the same language? by Anonymous Coward · · Score: 0

      I wonder, does poor grammar effect people like you.

    4. Re:Can we at least speak the same language? by swillden · · Score: 1

      These warnings are being sent by Google since 2012

      This form of grammatical error is common among people whose native language is not English, in particular I see it a lot from Germans.

      Odds are that the author writes their native language far better than you do.

      Please learn to write or don't call yourself a writer.

      Where does it say that the anonymous poster called himself a writer? You were clearly able to understand the intent, so your post is just snobbery.

      Now, had you pointed out that a competent English-speaking editor could and should have corrected the error before posting it, well, then you'd have had a point. But this is slashdot, which has always been noted for incompetent editing.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    5. Re:Can we at least speak the same language? by SlaveToTheGrind · · Score: 2

      Your "correction" may be pedantically proper, but results in a very awkward sentence (read it out loud a few times). Active voice reads much more naturally:

      Google has been sending these warnings since 2012 . . .

    6. Re:Can we at least speak the same language? by Anonymous Coward · · Score: 0

      The words came from ibtimes.co.uk. Typically, when you wish to be an English language journalist, you are expected to be excellent at English and your competency at German is irrelevant.

    7. Re:Can we at least speak the same language? by Anonymous Coward · · Score: 0

      No, it should be:

      "Google has been sending these warnings since 2012"

      There is absolutely no reason to use the passive voice here, it's just indirection for its own sake.

    8. Re: Can we at least speak the same language? by Anonymous Coward · · Score: 0

      It's not even really an error, it's just using the imperfect tense, of which English doesn't have a direct analogue . The imperfect tense represents a verb action that started in the past but hasn't been completed yet, and usually implies a focus on the results of the action, not the action itself. It could also be used for a repeated action.

      I do agree that it would make more sense to say something like "Google began sending these notices in 2012", however.

    9. Re:Can we at least speak the same language? by Anonymous Coward · · Score: 0

      That looks like the way a Russian would construct a sentence - you're obviously a hacker.

  15. It does not work, people... by Max_W · · Score: 1

    The election showed that blaming "super-advanced" Russia (which by the way in reality does not produce a single PC or a smartphone) for hacking about everyone and everything does not work. People do not believe it. Move on, think of something else.

    Besides, I do not get how Trump could be beneficial for Russia. Trump is smart, while the USA and RF remain natural competitors.

  16. It smells like a propaganda attempt by Anonymous Coward · · Score: 0

    to make these prominent writers, who people naturally listen to and whose words are granted as truth, start writing about how Russia is attacking the free world, undermining security for billions of people etc. etc.

  17. Are we sure it's from Google? by wjcofkc · · Score: 1

    Those email addresses could have been scraped off any hack. If I got something like that I would look at the header. It's like "You're in danger of being hacked! Quick, click here!"

    --
    Brought to you by Carl's Junior.
  18. two things by Orp · · Score: 1

    1. Two factor authentication, ALWAYS
    2. People should stop using email for anything sensitive that you don't want read by your worst enemy. Use some P2P encrypted chat program or something. One would think Americans, at least, could see the value in something other than damned emails for sensitive communication.

    --
    A squid eating dough in a polyethylene bag is fast and bulbous, got me?
    1. Re:two things by AHuxley · · Score: 1

      Re 'Two factor authentication, ALWAYS" Two factor authentication is not holding as expected.
      "Google warns journalists and professors: Your account is under attack" (11/24/2016)
      http://arstechnica.com/securit...
      "Some of the people who received the warning reported their accounts were protected by two-factor authentication... "

      --
      Domestic spying is now "Benign Information Gathering"