From
Send to

Gmail targeted in China-based campaign: Google

June 2, 2011 - 10:57 By 황장진

SAN FRANCISCO (AFP) -- Google said Wednesday that a cyber spying campaign originating in China had targeted Gmail accounts of senior US officials, military personnel, journalists and Chinese political activists.

"We recently uncovered a campaign to collect user passwords, likely through phishing," Google security team engineering director Eric Grosse said in a blog post.

The logo of internet search engine company Google at the headquarters in Mountain View in Silicon Valley, south of San Francisco. (AFP-Yonhap News)


"The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings," he said.

The campaign appeared to originate in Jinan, China, Grosse said, and targeted the personal Gmail accounts of hundreds of users of Google's free Web-based email service.

Those affected included senior US government officials, Chinese political activists, military personnel, journalists and officials in several Asian countries, predominately South Korea, he said.

"Google detected and has disrupted this campaign to take users' passwords and monitor their emails," Grosse said.

"We have notified victims and secured their accounts," he continued. "In addition, we have notified relevant government authorities."

The White House was investigating the situation but had no reason to believe that Gmail accounts of senior government officials were hacked, an official told AFP.

"We're looking into these reports and are seeking to gather the facts," the official said on condition of anonymity.

"We have no reason to believe that any official US government email accounts were accessed," the official said, referring other queries to the Federal Bureau of Investigation.

Google noted in its warning that personal Gmail accounts were targeted.

Personal email accounts usually lack protections against "spoofing and malware" used in business email systems, according to a Contagio security advisory that accompanied Grosse's blog post.

"In addition, it is often being checked at home in a relaxed atmosphere, which helps to catch the victim off guard, especially if it appears to arrive from a frequent contact," Contagio said of personal email accounts.

"Some people have a habit of forwarding messages from enterprise accounts to their personal mail for saving or easy reading."

The "phishing" ruse used to trick Gmail users into revealing account names and passwords reportedly involved sending booby-trapped messages that appeared to come from legitimate associates, friends or organizations.

Links to supposedly view or download email attachments led people to fake Gmail login pages where entered information was harvested and then used to secretly get into accounts, the Contagio advisory indicated.

Google said the California-based firm's systems and servers were not attacked.

There was no indication whether the Gmail spying campaign was related to a China-based cyberattack on Google that prompted the company early last year to stop bowing to Internet censors in that nation.

Google essentially handicapped itself in the booming China market by shifting mainland Chinese users of its Chinese-language search engine Google.cn to an uncensored site in former British colony Hong Kong.

Google's decision came after the company, whose motto is "Don't Be Evil,"

threatened to close its Chinese operations because of censorship and cyberattacks it said originated from China.

China reacted quickly to Google's move saying it was "totally wrong" to stop censorship and to blame Beijing for the cyberattacks that Google said targeted email accounts of Chinese human rights activists.

Beijing tightly controls online content in a vast system dubbed the "Great Firewall of China," removing information it deems harmful such as pornography and violent content, but also politically sensitive material.

 

(관련기사)

지메일 해킹당해…진원지 중국 의심


인터넷 검색엔진 구글이 한.미 정부  관리 와 중국 인권운동가들의 지메일(Gmail.구글 메일 서비스) 계정을 대상으로 한 해킹 사실을 적발했으며, 해킹의 진원지는 중국인 것으로 추정된다고 1일(현지시각) 밝혔 다.

구글은 최근 중국 중부 산둥(山東)성 지난(濟南) 지방에서 시작된 것으로  추정 되는 해킹 공격이 있었으며, 해커들이 지메일 계정 수백개에 침입해 메일을  모니터 하려다 적발됐다고 공식 블로그를 통해 밝혔다.

구글은 해커들이 피싱 기법으로 비밀번호를 수집해 메일 계정에 접속한 뒤 메일

전달(포워딩) 설정을 몰래 변경했으며, 이를 통해 피해자들의 이메일을 지속적으로 다른 사람에게 전달한 것으로 추정하고 있다.

해킹 피해를 본 메일 사용자 가운데는 미국 정부 고위 관료, 중국 인권운동가와 언론인은 물론 한국을 비롯한 아시아 국가 정부 관리들도 포함돼 있었다고 구글은 전했다.

구글은 그러나 자사가 해킹 사실을 감지하고 이를 저지했으며, 메일 사용자들에 게 이를 통지했다고 덧붙였다.

지난 해에도 중국 인권운동가들의 지메일 해킹 사건과 미국 기업 수십곳을 겨냥 한 사이버 공격의 진원지가 중국인 것으로 지목되면서 미국과 중국 양국은 외교  마 찰을 겪기도 했다. (연합뉴스)