Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Gmail phishing attacks continue to target government officials

Chinese hackers accused of hacking Gmail inboxes

Article comments

Months after Google said that Chinese hackers were targeting the Gmail accounts of senior US government officials, attempts to hijack Gmail inboxes continue, a researcher said Thursday.

"Once compromises happen and are covered in the news, they do not disappear and attackers don't give up or stop. They continue their business as usual," said Mila Parkour, an independent security researcher, on her Contagio Malware Dump website.

In early June, Google announced it had disrupted a targeted phishing campaign designed to compromise Gmail accounts belonging to senior U.S. and South Korean government officials, military personnel, Chinese activists and journalists. Google said it had traced the attacks to Jinan, China, a city in eastern China that has been linked to other hacking campaigns, including one in late 2009 against Google's own network.

Parkour had revealed details of the earlier phishing attacks months before Google's June announcement. China denied accusations that its government played a role in the attacks that accessed hundreds of accounts.

And the attacks have not stopped. "Attackers... continue their efforts with a very slight modifications to the original themes," said Parkour.

The latest campaign baits the scam with the promise of a report titled "Blinded: The Decline of US Earth Monitoring Capabilities and its Consequences for National Security" from the Center for a New American Security (CNAS), a US think tank. In fact, CNAS offers that report as a free PDF download.

The emails are customised for each recipient, a common tactic in targeting attacks, dubbed "spear phishing" by security experts, and apparently are aimed at people associated with political and international affairs.

"Victims get a message from an address of a close associate or a collaborating organization/agency, which is spoofed," said Parkour. "The message is crafted to look like a subscription form offering to enter Gmail credentials to activate it."

Parkour also dredged up evidence of a Chinese connection to this newest campaign. She noted that the email client that sent the bogus messages was Foxmail, a free program routinely used by China-based phishing attacks, and that the server delivering the messages is based in Taiwan and has sent malicious mail before.

If a recipient falls for the trick and enters his or her Gmail username and password in the emailed form, the information is sent to the attackers via a compromised server in Houston, Texas. The criminals then use the pilfered credentials to log into the account a few hours later, and check the inbox twice each day after that.

Parkour confirmed many of the details herself by creating a Gmail account, populating it with Google alerts about human rights and military issues, as well as with malicious documents and messages from Chinese discussion groups.

"The password thieves did not delay and logged in less than two hours after the compromise," she said.

Since June, Google has deployed some new anti-phishing features, including one that displays a message when email is forwarded to another address, and another that automatically shows a sender's address for mail coming from people the recipient has either not sent mail to or are not in his contact list.

"Google are aware of this, [but] there is not much they can do to prevent these from coming in," said Parkour as she urged people concerned about security to use Gmail's two-factor authentication, which sends a second password to the user's mobile phone, and to change their primary password frequently.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *