Google Warning Gmail Users On Spying From China
Trailrunner7 writes "Google is using automated warnings to alert users of its Gmail messaging service about widespread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks, or simply random attacks. Victims include one leading privacy activist. Warnings appeared when users logged onto Gmail, encountering a red banner reading, 'Your account was recently accessed from China,' and providing a list of IP addresses used to access the account. Users were then encouraged to change their password immediately. Based on Twitter posts, there doesn't seem to be any pattern to the accounts that were accessed, though one target is a prominent privacy rights activist in the UK who has spoken out against the Chinese government's censorship of its citizens. A Google spokesman declined to comment on the latest warnings specifically. The company has been issuing similar warnings since March, when it introduced features to identify suspicious account activity."
I got this (Score:5, Informative)
I got the warning about being accessed from China. Unfortunately, it came 2 days after I became aware of my Gmail account and World of Warcraft account both being compromised. By that time I had already changed the password, and had Blizzard restore my stuff.
Re:What reality do you live in? (Score:3, Informative)
Plus, we've got military installations all over the world also operating with virtually zero oversight.
We've given money to support various military dictatorships, tried taking over numerous sovereign countries, etc. While we don't do many atrocities to people here at home, the "third world" is open game.
When the U.S. (wrongly) detained the friend of Assange, leader of WikiLeaks, earlier this year they had to let him go. Our laws have been designed to protect human rights from abuse by even our own government. You can't say the same thing about the Chinese.
Only because there was a lot of press about it. Had this person been relatively unknown, he just would have been denied his rights or charged with some "terrible" crime so that no one would want to associate with him anymore.
Our laws have been designed to protect human rights from abuse, but that doesn't mean shit when it comes to Congress or our operations outside of the US. We've passed laws blatantly ignoring the Constitution (PATRIOT Act, DMCA, etc.), debased our currency to worthlessness, gunned down civilians abroad, and propped up dictatorships.
The only significant difference between China and the US is that China does atrocities from within their borders and doesn't maintain an illusion of freedom. The US does atrocities from outside their borders and tries to portray that they are concerned about liberty.
Re:China shouldn't have been allowed to join the W (Score:2, Informative)
Yeah, China has human rights abuses and so does the US. There are people detained by US authorities who don't even have a fucking clue why they are detained because the US won't tell them!
Please point to a case where this has happened in modern US history, as this is a very clear violation of our sixth amendment in the Bill of Rights.
Re:China shouldn't have been allowed to join the W (Score:3, Informative)
Re:China shouldn't have been allowed to join the W (Score:3, Informative)
You like many are confused (Score:4, Informative)
Specifically, you are confusing privacy and anonymity. Many geeks seem to think the right to privacy is the same as the right to remain anonymous, and they aren't at all. The government has ruled that there is a right to privacy implied in the Constitution, but they have never ruled there is a right to anonymity, best that I know.
So what's the difference? Privacy means being able to shield what you are doing from others, if you choose. I currently have complete privacy. I am alone, in my home. That means what I am doing is not something anyone can find out, unless I let them. My actions and thoughts are as private as I wish them to be. However I'm not anonymous. Anyone who did even cursory (and fully legal) surveillance could determine what house is mine and that I am presently at home. I am in no way anonymous in my actions, just private.
The flipside of that would be a couple having sex in a park, wearing full face masks. They would have no privacy, but would have anonymity. There would be no doubt in anyone's mind what was going on if they looked over. However as to who was doing it, well that would be a mystery. The people doing it would be anonymous, but not private.
Of course you can easily find other situations that you have both or neither.
So as it applies to these activists, that they are known doesn't mean they aren't successful at being private. They aren't anonymity activists, they are privacy activists. They advocate that you should be able to do things and not have the government (or others) spy on you. They are not advocating you should be unknown, a cipher to all.
Pretty Good Privacy? (Score:3, Informative)
There are GPG plugins for most e-mail clients. E.g. there's Enigmail for Thunderbird. People just need to use them.
Security is a game of percentages (Score:3, Informative)
Going through a proxy (crowded, busy, high traffic, concentrated) makes hack attacks that much more difficult. From the defense standpoint, proxies may be known (lists of known proxies are widely available), detectable (reverse operations), or identifiable via patterns (large volumes of traffic or attack from a single or narrow IP band not otherwise known).
You do highlight the point, however, that patterns of behavior are what are critical. You want to see who's coming in, from what IP ranges, whether or not they're suddenly having a great deal of trouble with their passwords, etc.
I've had more than a little success identifying sources of abuse via CIDR block or ASN [linuxmafia.com] using the Routeviews [routeviews.org] reverse IP-to-BGP Router Data lookup (the TXT record is the CIDR block and ASN of an IP). Not just in spam, as indicated in the linked paper, but for Apache logs, aggregating ranges of IPs to a single identifiable source.
Sure, someone using a widely distributed botnet across multiple ASNs isn't going to turn up in that analysis (or rather, it will be more weakly distributed), but in that case, you're going to want to find other patterns of behavior to track.
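Added example, not part of the comment above or of any tool it links to: aggregating Apache log entries by announced CIDR block and ASN, so that login failures spread thinly across many addresses in one block still add up. The prefix table, log lines, thresholds and function names are constructed for illustration; the table stands in for the answers an IP-to-BGP lookup would return.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed prefix -> ASN table (documentation ranges), standing in for lookups.
PREFIX_TABLE = {"198.51.100.0/24": 64496, "203.0.113.0/24": 64497,
                "203.0.113.128/25": 64498}
# Most specific prefix first, so the first hit is the longest match.
NETWORKS = sorted(((ipaddress.ip_network(p), a) for p, a in PREFIX_TABLE.items()),
                  key=lambda item: item[0].prefixlen, reverse=True)
# Constructed Apache access-log lines (common log format).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Sep/2010:10:00:01 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.19 - - [10/Sep/2010:10:00:02 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.23 - - [10/Sep/2010:10:00:03 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.7 - - [10/Sep/2010:10:00:04 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.88 - - [10/Sep/2010:10:00:05 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.5 - - [10/Sep/2010:10:01:00 +0000] "GET / HTTP/1.1" 200 2048
203.0.113.200 - - [10/Sep/2010:10:02:00 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.10 - - [10/Sep/2010:10:03:00 +0000] "GET / HTTP/1.1" 200 2048
this line is not a log entry
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def origin_of(ip_text):
    """Return (cidr, asn) for the longest matching prefix, or None."""
    ip = ipaddress.ip_address(ip_text)
    return next(((str(n), a) for n, a in NETWORKS if ip in n), None)

def aggregate(log_text):
    """Per (cidr, asn): distinct client IPs, requests, and 401 responses."""
    stats = defaultdict(lambda: {"ips": set(), "requests": 0, "auth_failures": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line
        try:
            key = origin_of(m.group(1)) or ("unknown", None)
        except ValueError:
            continue  # client field is a hostname, not an address
        stats[key]["ips"].add(m.group(1))
        stats[key]["requests"] += 1
        stats[key]["auth_failures"] += m.group(2) == "401"
    return stats

def suspicious(stats, min_failures=4, min_ips=2):
    """Blocks whose combined failures stand out though no single IP does."""
    return sorted(k for k, s in stats.items() if k[1] is not None
                  and s["auth_failures"] >= min_failures and len(s["ips"]) >= min_ips)

print(suspicious(aggregate(SAMPLE_LOG)))
```

In the sample, no single address exceeds two failed logins, yet the /24 they share accounts for five.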
Re:What reality do you live in? (Score:3, Informative)
Same story in the US. No "enemy combatants" are given a fair trial. They're also tortured, or thrown into a prison and humiliated sexually. (i.e. Abu Ghraib)
Re:What reality do you live in? (Score:4, Informative)
In the United States it is illegal to plan to (or attempt to) overthrow the government by force or with violence.
Passing around a petition saying "I support breaking up the United States" is not a crime. Running for Congress and saying "I would vote to break up the United States" is not a crime. Attacking with force Fort Sumter -- crime! It's not perfect, I'd probably like more anti-government actions to be completely protected, but it is what it is.
Bottom line is that the Chinese party line on basic freedoms (like freedom of speech) and the typical American or European view on such things are worlds apart different. Some people like to put these down to thousands of years of history with such theories as Wittfogel's hydraulic Empires -- "Orientals like rules because they are used to them from thousands of years of absolute rule from above." I don't buy that. American and European views on freedom of speech are very different too. Witness the Brits who are in trouble for burning Qur'ans, the illegality of certain types of clothing in France and Germany, religious freedom differences, great differences on offensive speech, etc.
One thing that North American and Europeans are almost united on though is that political dissenters should be allowed and protected. Doesn't mean dissenters always get an easy or free ride, but the Chinese model is very abhorrent to many.