Google Sends State-Sponsored Hack Warnings To Journalists and Professors

An anonymous reader shares an IBTimes report: Numerous journalists and professors are taking to social media to report that they have received an alarming message regarding state-sponsored hacking when accessing their Gmail or other sites that use their Google account. Journalists who received the warning include Nobel Prize-winning economist and New York Times columnist Paul Krugman, New York magazine's Jonathan Chait, Politico's Julia Ioffe, GQ's special correspondent Keith Olbermann, Vox's Ezra Klein, Yahoo News' Garance Franke-Ruta, and one of President Barack Obama's former speechwriters, Jon Lovett. The warning says, "Google may have detected government-backed attackers trying to steal your password." These warnings are being sent by Google since 2012 but Twitter has erupted with a flurry of people in the media and academic community receiving this in the past 24 hours.

Re:Government Sponsored?

[swb]

It's more reasonable than you think.

Do you think that Google has a completely ignorant security team? That they don't have access to internal experts in global routing and traffic analysis? They wouldn't have an internal databases of known hacking sources, methodologies and heuristics and means of tracking command and control?

They may not have a signed invoice for the person paying for the attacks, but they likely can make really, really informed estimates.

Krugman's value isn't the accuracy of his economic predictions, its his public status as the economist to the liberal elite. He's a major opinion leader whose academic status gives him significant public credibility. And they may not even care about that primarily, what if you hacked his account and found evidence of collusion with Democratic politicians? Even if it wasn't active political collision but only non-partisan advice being solicited and given, how hard would that be to turn into click-bait propaganda?

Even if access only gave you the ability to predict his columns, it may be enough evidence to create timely counter-propaganda via a competing analysis, discrediting his sources or other means. This could be used against the Democrats generally or against candidates specifically to influence internal debate or power struggles inside a party.

cost / benefit

[ooloorie]

but it's highly unlikely that they would send such notifications without having a pretty high confidence factor in it

Really? Why? Do you think Google or Facebook are any more credible than Exxon or Monsanto? These are big corporations; they will say whatever furthers their agenda. As long as it's legal, that's their right, but that doesn't mean that you need to turn into a gullible fool.

There is almost no cost associated with them for blaming "state-sponsored actors" wrongly: it's not a claim that they can be held legally responsible for, there is no possibility of libel charges, and it doesn't even hurt them in terms of public opinion or trust. At most they'll look a bit overly cautious.

But there is a lot of benefit associated with making such a claim regardless of evidence: both companies are heavily in bed with the Democrats, and this kind of notice ingratiates them to the Democratic party establishment.

Re:cost / benefit

[another_twilight]

Do you believe that Google has the data and competence to analyse that data to identify patterns that can distinguish (with high confidence) the difference between a state actor and a hacking/private group?

If so, then Google has either deliberately lied or ... what?

Your argument then seems to be that Google has lied to some users (either about an attack existing at all, or about the source of an attack) to ingratiate themselves with the Democrats. I'm not from the US, so I might be missing something, but that sounds ridiculous. Sure, some members of Google (maybe even most) vote a particular way, so you may be able to argue that they favour one party, and maybe their personal political leanings might inform or influence corporate policy (the "agenda" as you ominously call it) but how is _this_ evidence of that?

Sounds like confirmation bias on your part (senior Google employees/owners favour Democrats, therefore all of Google's actions are designed to help that party).

There are a number of (non-political) reasons that Google might inform users of the possibility of state-sponsored attacks. Your suggestion that this might be politically motivated is, frankly, silly.

Re:cost / benefit

[smallfries]

Literally receiving the Kock?

Re:Government Sponsored?

[Rockoon]

Have you not noticed that ever since Trump won the election, the hacks stopped being from "Russia" are started being "State-sponsored" and from a "Nation-state" ?

There is one nation-state with the most incentive to influence our elections and hack its "prominent" people, and it isnt Russia. Its America.

Re:why bother?

[Zocalo]

Maybe the purported state-sponsored hackers are not so much interested in what the likes of Krugman or Olbermann write, but in what the people they are corresponding with are writing?

Turkey

[Impy+the+Impiuos+Imp]

"Besides the NSA, CIA, FBI, and confederate agent operatives embedded in same for both major parties, that is."

Can we at least speak the same language?

[reboot246]

"These warnings are being sent by Google since 2012 . . . "

No, it should be:
These warnings have been being sent by Google since 2012 . . .

Please learn to write or don't call yourself a writer.

Re:Can we at least speak the same language?

[SlaveToTheGrind]

Your "correction" may be pedantically proper, but results in a very awkward sentence (read it out loud a few times). Active voice reads much more naturally:

Google has been sending these warnings since 2012 . . .