Gmail hackers ‘had access for months’
Shanghai, June 2, 2011
Hackers who broke into Google's Gmail system had access to some accounts for many months and could have been planning a more serious attack, said the cyber-security expert who first publicly revealed the incident.
Google said suspected Chinese hackers tried to steal the passwords of hundreds of Gmail account holders, including those of senior US government officials, Chinese activists and journalists.
"They were not sophisticated or new, but they were invasive," said Mila Parkour, who reported the cyberattack on her malware blog in February.
"Emailing phishing messages using details from read personal messages is invasive. Plus, they maintained full email access to mailboxes for a long time," the Washington-based Parkour told Reuters. She uses a pseudonym to protect her identify.
"I covered one; they (Google) took it and uncovered many more of the same kind," she said, noting the method of attack was invasive and targeted.
Parkour was initially involved in investigating one such phishing incident, referring to the practice where computer users are tricked into giving up sensitive information, and then started to gather data on other similar incidents, she said.
Google declined to comment on the details of Parkour's report, but a source with knowledge of the matter said there were similarities between the attack she analysed and the rest of the campaign. The source declined to be identified owing to the sensitivity of the issue.
The Internet company, which was also the victim of a sophisticated hacking episode last year, gave no details about the most recent attack other than to say it had uncovered a campaign to collect user passwords, the goal of which was to monitor users' emails.
The company said its Gmail infrastructure had not been compromised.
Parkour's analysis in February showed that the hackers emailed victims from a fake email address, which purported to be that of a close associate in order to gain their trust. The email contained a link or an attachment.
When the victims clicked on the link or document, they were prompted to enter their Gmail credentials on a fake Gmail login page created to collect usernames and passwords, after which the hackers had full access to their accounts.
In the case that Parkour studied, the victim was unknowingly in contact with the hackers between May 2010 and February 2011 according to email screenshots she posted. He received emails once or twice a month that allowed them to maintain updated access to his inbox.
"The victims were carefully selected and had access to sensitive information and had certain expertise in their area," Parkour said, adding that the victim in the case she studied thought he was replying to someone he knew.
The man had emails sent to him that purported to be from branches of the US government, Parkour said.
One of the emails reads: "My understanding is that the State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike."
Parkour said the Gmail attacks could be a staging ground for a more serious attack using malicious software, or malware. Many of the Gmail accounts were personal email accounts of personnel with access to sensitive information, some of whom could have forwarded their work emails to their personal Gmail accounts.
"Gathered information could help in the next attack, which could be a malware attack , after which the attackers could gain access to corporate and government networks when the victims log in from a compromised PC," she said.
Parkour said evidence of that was found in an antivirus script used by the hackers to reveal what type of software the victim had installed on his computer.
"The only reason you want to know what (version of Microsoft) Office you have and what antivirus you have is to be able to infect it in the future," said Parkour. – Reuters
More IT & Telecommunications Stories
- Batelco unveils new business broadband package
- Mobily seals Bharti Airtel partnership deal
- VIVA launches exclusive rewards program
- US govt to shed control of net addresses
- Etisalat sets ultimatum for SIM card registration
- Acer targets double digit growth in Saudi
- UAE mobile radiation levels below global standards
- Arpu's T-Pay gateway draws top game vendors
- SAP unveils new cloud platform
- Zain launches smartphone insurance
- Windows XP users warned on usage risks
- Tecom units welcome 181 new companies
- Ooredoo chairman joins WB gender equality council
- Mobily, Jasper start wireless M2M service
- Telecom Egypt expects mobile licence in Mar or Apr
- Sandvine wins big Etisalat follow-on order
- Aveva software for engineering plant design
- Nawras to upgrade VSat services across Oman
- Mobily, Huawei sign smart network contract
- Etisalat, Tata launch video connect service
- Talia seals new partnership with Thuraya
- 4-pillar approach for telecom operators to boost growth
- Dubai mobile emissions below global standards
- Nawras signs capacity contract with SES
- Etisalat showcases satellite solutions at Cabsat
- Batelco launches 4G LTE roaming
- Gulf Air clinches best innovation award
- Viva inks Pepsi partnership deal
- Du offers free smarphones on tablet purchase
- Batelco launches double credit promotion