back to article Spear phishers target gov, military officials' Gmail accounts

Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists. The accounts may have been compromised using spear phishing techniques in which victims received highly personalized …

COMMENTS

This topic is closed for new posts.
  1. DragonKin37
    Paris Hilton

    Poor security practices

    Getting your email comprimised is easy peasy, just get that TPS report with an embeded from Tom u know Tom from accounting. Click it and watch that password and contact list go to China before you can say chop suey. Issue is govement and Cororate email exchange servers are so locked down and filtered now. Webmail is the way to go with out the restrictions . So im sure Yahoo, Hotmail have the same issues but are just either too scared to admit or dont care.

    Why Paris - Cause u cant fix stupid.

  2. Shannon Jacobs
    Pirate

    MAC-level security?

    I think it would help to add a layer of security at the MAC level, but the Google has become extremely closed to suggestions from the morons outside their private little universe. Anyone know an influential Googler who is still interested in the rest of the planet earth?

    1. Anonymous Coward
      Facepalm

      Re: MAC-level security?

      forgive my ignorance, but the way I understand what you are trying to say is... you can never upgrade or change your device? Every time you change your device you will need to create a new email account?

      what about accessing your account from another PC?

    2. Anonymous Coward
      Anonymous Coward

      Google Apps

      Google Apps, if not gmail supports multi-factor authentication via SAML, along with network mask filtering and various other features. Though not MAC-level, it's good enough for most organisations. Possibly not senior-level government and military personnel though..

    3. Chris Miller

      Won't work

      For (at least) two reasons:

      1. It's not possible to automatically identify non-local MAC addresses. You normally* have to use some sort of protocol, such as InARP.

      2. MAC addresses are trivial to spoof. Of course, you'd have to know the valid MAC address, but if someone's accessing Google from a public network, that's not difficult.

      * Does Frame Relay support this? I'm not sure. You're not likely to be accessing Google this way.

    4. Anonymous Coward
      FAIL

      IT fail

      Funny how different people read MAC as:

      Media Access Control layer (eg Ethernet) address

      Media Access Control layer itself

      Message Authentication code (or message integrity code)

      Gotta love IT and it's multi-purpose acronyms

      1. /dev/null
        Boffin

        Or perhaps...

        Mandatory Access Control?

        http://en.wikipedia.org/wiki/Mandatory_access_control

    5. Chris Miller
      Facepalm

      Removing ambiguities

      While there are multiple possible interpretations of MAC (Wikipedia offers almost 100 disambiguations, 12 of them specific to computing and telecommunications), I think there's a clue in the use of the word 'level' in Shannon's phrase "add a layer of security at the MAC level" (not to mention the title).

  3. nyelvmark
    Black Helicopters

    World War 3?

    I'm getting worried about this. The US government and the UK government have been talking big about cyber-warfare in the last few days. This looks like China's response.

    Somebody tell me I'm paranoid, please.

    1. The little voice inside my head

      WW3

      A cyberattack is now a reason for military action, hm, hope this does not go any further. I believe you're not being paranoid.

    2. MarkieMark1
      Boffin

      the advantage

      Is that China is a superpower, a nuclear superpower at that, so no military action as it could feasibly lead to MAD; the scenarios are sufficiently well embedded not to need very deep thinking

      1. Anonymous Coward
        Anonymous Coward

        America will never attack China.

        Like all bullies they're cowards at heart, they pick on easy targets like Iraq or Afghanistan and not more immediate but well armed threats like North Korea.

        America will never attack any country capable of defending itself.

    3. Anonymous Coward
      Anonymous Coward

      "Paranoid?"

      OK : You're paranoid.

      But only a little. This is a long way from accidental WW3, but it is on the path if they're not careful. Rhetoric about lobbing ordnance down smokestacks as a response to cyber attacks is either an empty threat or a pretty stupid game plan. Just cos China is physically the source of this stuff it doesn't make the chinese gov responsible - after all, the subject of this story is the ease with which military personel can be deceived via e-mail, and they could be victims as well.

      Perhaps they should find a more secure/verified way of communicating officially within the gov/mil community than bog-standard gmail (or any other similar offering).

    4. Ian Stephenson
      Big Brother

      You're paranoid.

      Just because you're paranoid does not mean they are not out to get you though....

  4. Jan Hargreaves
    FAIL

    you have got to be kidding me

    "senior US government officials, military personnel"

    excuse me but what the hell are people in these positions doing using Gmail for work related communications.

    1. Joey

      Probably

      ...because they are 419ers! Emails from the CIA, FBI and Nigerian Central Bank all come from hotmail, yahoo or gmail addresses!

    2. Anonymous Coward
      Pint

      Ding Ding Ding

      Yes friends and neighbors, we have a winner. You beat me to it.

      Jesus Hussein Christ, just when you thought someone somewhere in government might have a shred of common sense you learn they're using web email accounts for gov/mil purposes! ! ! !

      Why not just put Sony and HBGary in charge of your network security???

      Beer icon 'cause this is enough to make any sane person need several, even at this time of the morning.

    3. Chris Miller

      Not necessarily work related

      Even politicians may have a social life. If you're using Gmail to set up an after work meeting - from a non-secure (in the military sense) network - there's not necessarily anything wrong*. I wouldn't recommend the use of a free public email service to update the nuclear launch codes, however.

      * Though I'd ban it, because that's just the sort of security Nazi I am :)

  5. Anonymous Coward
    Anonymous Coward

    doesn't

    Doesn't sound particularly complex, I get dozens of emails like this a week.

  6. Your Retarded
    Joke

    Mila Parkour

    I wonder if she likes to run across rooftops and jump between buildings?

  7. Eponymous Cowherd
    Facepalm

    Of Hacks and Hackers

    I see BBC News reported on this this morning. Apparently Google are under a sustained "cyber attack" by "hackers".

  8. Anonymous Coward
    Thumb Down

    What is Google's motive this time???

    I wonder what is Google's motive this time round. Last time it was to bash IE6 and try to make people switch to Chrome browser. Is it to move from Windows to Chrome OS this time...

    1. Old Handle
      Facepalm

      Or maybe...

      Just alert their users to a potential threat while at the same time patting themselves on the back for having thwarted it.

  9. Al fazed
    Mushroom

    And ?

    even my home router gets bored with penetration attempts from machines under the domains of Microsoft and many other major players. Why would the home PC of an Admiral of the Fleet be any different ?

    I'd not be surprised if it turned out that some high powered pumpkin was controlling a .mil SCADA system from home.

    ALF

  10. Anonymous Coward
    Holmes

    bye google golly

    What? Haven't Google forgotten those servers they left behind in China?

    They've been rented out - some Western intelligence agency is hosting software for checking whether there is any (intelligence) left at Google or its long suffering users

    After all, no-one else would bother with the US - when their are "softer" targets elsewhere.

    Who knows - probably not Chinese - at least they can spell in Chinese and English!

    1. This post has been deleted by a moderator

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021