
Google Uncovers China-Based Password Collection Campaign

D H NG writes "Google announced that it recently uncovered a campaign to collect users' passwords. The campaign, apparently originating from China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists. Google said it detected and has disrupted this campaign and has notified victims and secured their accounts, as well as notified the relevant government authorities."
  • by Anonymous Coward

    So is this an act of war by china?

    • Re:Hmm (Score:4, Informative)

      by nurb432 ( 527695 ) on Wednesday June 01, 2011 @07:32PM (#36314192) Homepage Journal

      Who said it was the Chinese government?

      • There are no big organizations in China that don't have government approval. In many cases it's just paying officials to look the other way, but it's still with their knowledge.

        So what we have here? A large scale undertaking that the Great Firewall would make harder without a permission to bypass, and one the government can use to spy on people. There's no way it's not at least closely tied with them.

  • by Anonymous Coward

    ...air strikes?

    • No, just a tighter grip on "Anonymous", whoever the fuck that is.
    • ...air strikes?

      Attacking China would destroy our economy.

      • by Anonymous Coward

        ...air strikes?

        Attacking China would destroy our economy.

        I'd be impressed if it could get much worse than it already is.

  • by Presto Vivace ( 882157 ) <> on Wednesday June 01, 2011 @06:56PM (#36313820) Homepage Journal
    it isn't a data breach, Google has uncovered a campaign to steal passwords. Well done Google.
    • Well, if it is a phishing scheme like google believes, it's not quite the same thing as a data breach like we typically use the term.

      Sort of like the difference between me being tricked into giving away my ATM PIN and a hacker breaking into the bank system and taking money from my account.

    • by Idbar ( 1034346 )
      As a security advice:

      Review the security features offered by the Chrome browser. If you don't already use Chrome, consider switching your browser to Chrome.

      Nice try Google, nice try! But, I'll keep my Firefox :P

    • by 1u3hr ( 530656 )

      it isn't a data breach

      Correct, it wasn't, at least not from Google. It relied on fooling users into logging in to counterfeit sites. So if you're implying Google failed to protect users' data, that's not the case. If people give up their passwords, it's their own fault.

      • by praxis ( 19962 )

        I think what you mean is if users give up their passwords to a site that cannot have its identity verified, it's their own fault. Giving up your password to Google is practically a requirement for using their Gmail service. Until we have better browser user-interfaces for authenticating sites, it will be very hard to prevent phishing attacks that look authentic. Getting rid of the address bar is probably not one of those improvements.

        • Giving up your password

          I really hope you don't use only 1 password.

          • by praxis ( 19962 )

            I was not aware that Gmail allowed multiple passwords. I suppose I should have been more clear and said "Giving up your Gmail password to Google is practically a requirement for using their Gmail service."

    • by SpaceLifeForm ( 228190 ) on Wednesday June 01, 2011 @07:46PM (#36314340)
      That is because it was NOT a data breach at Google, but a phishing campaign.
    • Yes, well, google should have installed antivirus on the several hundred million home PCs you seem to think they're responsible for.

    • True, but it does highlight the danger of the government and enterprises moving their email service to Google and the 'cloud'. My company requires me to use an RSA token to log in to corporate mail or VPN, so simple phishing won't be successful. I'm aware of the recent RSA hack but in some ways, that's the point of two-factor authentication: you can completely compromise one factor but still have time to fix things before the other factor fails.

      • by Jouster ( 144775 )

        Two-factor authentication disables replay attacks (after, typically, several minutes). It doesn't disable MitM attacks.

    • by Anonymous Coward
      You're being sarcastic but your comment taken literally is true on all counts. Even the headline. It is good PR: other email providers, like Hotmail or Yahoo, either would have glossed over this internally, or lacked the competence to even discover the systematic attack.
    • it isn't a data breach

      It may very well be a data breach for companies with employees that fell victim to the password-stealing campaign.

      Not that Google is to blame here, but stating that "this isn't a data breach" is a big statement to make.

  • Happened to My Wife (Score:5, Interesting)

    by friedmud ( 512466 ) on Wednesday June 01, 2011 @06:58PM (#36313852)

    My wife's Gmail account got caught up in this! Last weekend I received some spam from _her_ gmail account. We immediately logged in and Google said that it had detected suspicious behavior and made her reset her password. It then showed us the connection log... and everything looked normal except one particular connection: FROM CHINA!

    We were pissed.... but it doesn't appear that anything else was compromised (she didn't have anything sensitive in her Gmail account luckily).

    Things really seem to be escalating on the 'net lately... from PS Network to Lockheed and now to Gmail. I really have to wonder if China is _actively_ participating at this point...

    • by currently_awake ( 1248758 ) on Wednesday June 01, 2011 @07:23PM (#36314106)
      The world is currently in the early stages of a great depression. The huge increase in computer crime and the revolts in arab countries are just symptoms of that.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I kind of wonder how China's great firewall plays into plausible deniability for these things.

      For example if China blocks civilian access to x service, and we see hacking attempts to x service originating from China, shouldn't there be a pretty good explanation?

      • Keep in mind that China is a country with 4x the population of the US, and has at least the same percentage of corrupt politicians with ties into organized crime who can get the police, firewall-maintainers, and everyone else to look the other way when necessary.

        Are there lots of attacks coming from China? Absolutely. Do they flourish there because the government is unwilling or unable to meaningfully fight them? Sure. Does China have its own government espionage agency with more or less the same goals as th

    • by buro9 ( 633210 )

      Have you guys not tried the 2 factor authentication yet?

      I was afraid that my girl might find it difficult to use or overly technical, but once I explained how it worked and supported her through the setup of it, it's been working brilliantly.

      Basically any new machine that you connect to Gmail from requires not just your password (something you know) but also the code generated from the supplied app (on our Android phones - somethi

    • by rgviza ( 1303161 )
      happened to me too. This is more than just a phishing campaign....
  • Hypocrites (Score:1, Redundant)

    by clampolo ( 1159617 )
    The real reason Google is upset about this is because China isn't paying them to get the information like everyone else. Google is pissed that China is cutting out the middle man.
    • by Anonymous Coward

      The real reason Google is upset about this is because China isn't paying them to get the information like everyone else. Google is pissed that China is cutting out the middle man.

      [Citation Needed]

    • Wrong. Google is not pissed about revenue loss. If they were worried about revenue loss they would have stayed in China, collected the advertising dollars in the growing market, and not given a sh!t about compromised users. Instead, they spurned the money on principle and withdrew from that market when the Chinese Government gave them crap conditions to operate under. Google's Sergei is particularly sensitive to repressive totalitarian governments like China because he grew up in the Soviet Union - and unde
      • by Anonymous Coward

        You might think it's stupid for a big company to take a principled stand like that, and generally it is, but that decision lined up with Google's future potential in Europe/America: Google is nearly unique (meaning doomed to fail) in the tech world in that it relies almost entirely on the amount of trust users place with Google. Other corporations can survive overwhelming bad publicity; Google can't, and it hasn't had to.

  • by Megahard ( 1053072 ) on Wednesday June 01, 2011 @07:04PM (#36313900)
  • If only it didn't take so many clicks more people would do it.

  • I'm just sayin, maybe turn the LOIC on China for a bit?

    I think Sony may have learned at least a partial lesson now.


  • "as well as notified the relevant government authorities."

    "Yeah, we know.... Uh.. I mean really? Collecting passwords, you say?"

  • where they won't let you use your credit card account abroad unless you phone ahead and tell them you will be abroad and it's ok if they start getting charges from bangkok or antigua

    maybe it's time for email providers to do the same: "no logging into my account from foreign ip blocks unless i tell you it's ok"

    and the default for this protection should be "on". your average user won't take the time to hunt for this menu item and enable it

    • Sounds like it would stop the most direct attacks, but unlike credit card transactions, which can't be anonymized or proxied, a slightly more sophisticated attacker could just use a pwnd machine or proxy and they could appear to be coming from a nominally local block.

      However, if this is state-sponsored, the PRC may be reluctant to allow use of those tools lest they become widespread enough to allow massive evasion of the Great Firewall...

      I think eventually some combination of biometrics (hello Big Brother!),
  • Have any details been released? This sounds curiously like an e-mail-based phishing campaign, if the passwords weren't obtained from Gmail's own systems and they weren't exploiting a software vulnerability.

  • If I were a hacker, I wouldn't let you track and always pretend to be an easy target to blame, like China. Only a fool can tell exactly where the hacker is.
  • 1. Declare "cyber-crime" against the government officially a war crime.
    2. Release details on a not-so-friendly foreign nation's shady online behavior.
    3. Boom???
    4. Profit!!
  • This happened to me but it was about a year ago. I went to check my gmail and it said it had recently been accessed from China. I immediately reset my password on every account that I had everywhere. Not that my passwords are the same, but with access to my gmail the attacker could change or find out my password for almost every site I visit. I have no idea how they figured out my password, I didn't use it elsewhere, it was a made up word, 9 digits long, with 2 numbers and a symbol in it. If they could gues
    • This happened to me but it was about a year ago. I went to check my gmail and it said it had recently been accessed from China. I immediately reset my password on every account that I had everywhere.

      I had heard that gmail started notifying people if the account was accessed from china, so I was interested to see what would happen when I went to china for a conference a few weeks ago.


      There were no notifications or anything when I got back. I changed my passwords anyway because access to gmail from within china was suspiciously intermittent (monitoring?) while other non-blocked sites were normal.

      • Even if they added such notifications, it is so trivial for the bad guys to connect from IPs from any country they want. As a private person, there are many proxies you can use -- and if you have a botnet, you have millions of those on your own. And for a good portion of these attacks, even just a single proxy would be enough.

    • I have no idea how they figured out my password,

      They probably tricked Google into sending the password to them through the password reset process. They might've also hacked google people first and those people might have access to internal data. The lesson is, if you host your data on someone else's site, password strength is just one small factor in securing your data.

  • These people need professional advice, or common sense: Don't store highly valuable (i.e., dangerous to people's lives), confidential information on a free public webmail service!

    Really, how hard is that to figure out? How many very well-publicized successful attacks has Google experienced, and they still haven't figured it out?

    • These people need professional advice, or common sense: Don't store highly valuable (i.e., dangerous to people's lives), confidential information on a free public webmail service!

      What evidence is there that the victims stored such information on public servers? A personal account with no work mails could still give enough info to compromise accounts elsewhere.

    • I would if it didn't involve a cell-phone. My cell phone battery dies far too frequently to rely on it. Honestly, if Google let me buy one of the key-fob authenticators like Blizzard sells I'd attach one of those, as the battery lasts plenty long enough.

      • It lets you print off backup verification codes in case you lose your phone or the battery dies which you can put in your wallet, safety deposit box, or caved in mine shaft. Also, you can authorize a computer/ip for up to 30 days. So, as long as your phone is good at least once every 30 days, you'll be fine.

  • Why do Chinese political activists use Gmail? There are far more secure email systems they can use. And why would military and political officials use it when they have access to government email systems, except when they don't want their emails to be read and archived for the public interest? Also, why is it only Gmail that keeps on getting attacked by the Chinese? Are they the only ones who mention it?
    • I've witnessed hacked hotmail accounts sending spam to their contacts regarding chinese electronics shops for years now. Maybe Gmail just cares enough to point out it's a problem.
  • Is anyone really surprised by this? I don't mean to cast aspersions on everyone in China but dammit if they don't have a huge right wing group of people who are hell bent on enforcing totalitarianism on not only themselves but the world at large.

    And the kicker is that we have had our own group of people who viewed 1984 as a manual rather than a cautionary tale working since the 60's.

    I'm sorry but for everyone that views the right wing slide as OK you are so wrong. So very wrong.

  • After harvesting your password, they would then try to change your forwarding and delegation settings. Since this would be done from their machine, they'd face a 2-factor challenge prompt from gmail which they could not meet, unless they had also stolen your phone.

  • by Kamiza Ikioi ( 893310 ) on Thursday June 02, 2011 @05:49AM (#36317496)

    I use Lastpass (which got hacked recently, but my LastPass crypto password was pretty secure). I also use the Google 2 Step Authentication. Once Facebook implements this as well, I will switch immediately. I log in to most sites with either Google or Facebook. I prefer Google, because it's usually just confirming the email, whereas apps that log in to Facebook want access to data, my wall, my friends, etc. That's as stupid, imo, as an app or site asking, "Login with Google, and give us permission to read your email and send email as you."

    What many people don't know is that Google has some privacy features built in if you know where to look. At the bottom of the page it says something like:

    Last account activity: 4 minutes ago at this IP ( Details

    Click Details and you'll see:

    This account does not seem to be open in any other location. However, there may be sessions that have not been signed out.

    Browser * United States (NY) ( 5:45 am (0 minutes ago)
    Browser United States (NY) ( 5:39 am (5 minutes ago)
    Mobile United States (NY) ( 4:03 am (1.5 hours ago)
    Mobile United States (CA) ( 6:19 pm (11 hours ago)
    Browser United States (NY) ( Jun 1 (18 hours ago)
    Mobile United States (NY) ( Jun 1 (20 hours ago)

    Now, unless you were in CA recently (or have a proxy), this shows that someone hacked your account 11 hours ago from California.

    Click the "Sign out all other sessions" button, then go change your password ASAP and enable 2 Step Authentication if you haven't already.
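
The manual check described in the comment above can be scripted. This added example, which is not part of the original post and not Google tooling, parses rows in the quoted layout and reports sessions from outside the current session's location or from an unfamiliar address. The sample rows, the documentation-range IP addresses and the names `parse_activity` and `review` are constructed for illustration, and it assumes the starred row is the current session.

```python
import re

# Constructed sample in the layout quoted above. The IP addresses are
# documentation-range placeholders; the page's own values were not preserved.
SAMPLE = """\
Browser * United States (NY) (192.0.2.10) 5:45 am (0 minutes ago)
Browser United States (NY) (192.0.2.10) 5:39 am (5 minutes ago)
Mobile United States (NY) (198.51.100.7) 4:03 am (1.5 hours ago)
Mobile United States (CA) (203.0.113.44) 6:19 pm (11 hours ago)
Browser United States (NY) (192.0.2.10) Jun 1 (18 hours ago)
Mobile United States (NY) (198.51.100.7) Jun 1 (20 hours ago)
"""

# IPv4 only. The two-letter region is optional for rows that carry none.
ROW = re.compile(
    r"^(?P<access>\w+)\s+(?P<current>\*\s+)?(?P<country>.+?)"
    r"(?:\s+\((?P<region>[A-Z]{2})\))?\s+\((?P<ip>[0-9.]+)\)"
    r"\s+(?P<when>.+?)\s+\((?P<age>[^)]+)\)$"
)

def parse_activity(text):
    """Parse activity rows into dicts; fail loudly on an unrecognised row."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised activity row: {line!r}")
        row = m.groupdict()
        row["current"] = row["current"] is not None  # assumption: "*" = this session
        rows.append(row)
    return rows

def review(rows, extra_locations=(), known_ips=()):
    """Return (row, reason) pairs, using the current session as the baseline."""
    current = [r for r in rows if r["current"]]
    if len(current) != 1:
        raise ValueError("expected exactly one current-session row")
    base = current[0]
    locations = {(base["country"], base["region"]), *extra_locations}
    ips = {base["ip"], *known_ips}
    findings = []
    for r in rows:
        if (r["country"], r["region"]) not in locations:
            findings.append((r, "unexpected location"))
        elif r["ip"] not in ips:
            # A local address is not proof of legitimacy: a proxy shows up here.
            findings.append((r, "unfamiliar address in expected location"))
    return findings

if __name__ == "__main__":
    for row, reason in review(parse_activity(SAMPLE), known_ips={"198.51.100.7"}):
        print(f'{row["when"]:>8}  {row["access"]:<7} {row["ip"]:<15} {reason}')
```

Passing the phone's usual address in `known_ips` leaves only the California row; as other replies in this thread point out, a session that appears local can still be an attacker behind a proxy, so a clean result does not replace the password change and 2-step verification.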

  • Let me guess? Weiner had his password stolen, and a private photo was leaked to twitter?
