Google Security IT

Google To Give Security Keys To 'High Risk' Users Targeted by Government Hackers (techcrunch.com) 23

Google has said it will provide 10,000 "high-risk" users with free hardware security keys, days after the company warned thousands of Gmail users that they were targeted by state-sponsored hackers. From a report: The warning, sent by Google's Threat Analysis Group (TAG), alerted more than 14,000 Gmail users that they had been targeted in a state-sponsored phishing campaign from APT28, also known as Fancy Bear, said to be made up of operatives of Russia's GRU intelligence agency. Fancy Bear has been active for more than a decade but it's widely known for hacking into the Democratic National Committee and its disinformation and election influencing campaign in the run-up to the 2016 U.S. presidential election. "These warnings indicate targeting not compromise. If we are warning you there's a very high chance we blocked," Google's TAG director Shane Huntley wrote in a Twitter thread on Thursday. "The increased numbers this month come from a small number of widely targeted campaigns which were blocked."

  • Obviously this will not prevent the NSA from having access, given that Google is forced to obey them and their NSLs.
    And it might even be deliberate, to get basically a MITM hardware device straight to the most interesting targets.

    TL;DR: If you are "high-risk", trusting Google, of all choices, is a bit silly.

    • by GuB-42 ( 2483988 )

      It is not MITM hardware, it is just a Titan security key.
      A challenge-response device that signs a few bytes of data to confirm that the one who just tries to log in has the key in his possession. It doesn't do any kind of network processing.
      The NSA could send a hacking device mimicking a standard USB device, that's the kind of thing they do, but I would expect them to get more "personal" and not implicate Google and have them tell the whole world about the operation.

    • Indeed.

      Any entity that can be NSL'd into putting a backdoor or *cough* vulnerability *cough* via legal means cannot be trusted simply because the authorities using NSLs to do such things cannot be trusted.

    • Yeah. So Google tracks everything I do and cooperates with all sorts of questionable government activities. Now they acknowledge that I'm "at risk" and I'm supposed to trust THEM? Pass.
  • I suppose that it's a good thing, and socially/politically responsible for Google to just push these folks to improve their security measures. On the other hand, I'm pretty sure these folks could buy their own Yubikeys (or whatever) for ~$50 and is it really Google's responsibility to protect these people if they are incapable of doing it themselves?

    I just imagine them sending Donald Trump, Jr or Andrew Cuomo a 2FA key and them just being like "This is crap. I'm too smart for hackers!" and throwing it in th

    • by AmiMoJo ( 196126 )

      It's probably cheaper for Google just to give these people security keys than to keep repelling attacks on their accounts that rely on them not having 2FA enabled, or on their phones not being compromised.

      • Seeing messaging was compromised for a half dozen years or so, phone-based 2FA doesn't really have a good reputation for security right now.

        • by AmiMoJo ( 196126 )

          I don't mean SMS, I mean Google's app-based 2FA where a message appears on your phone that requires you to unlock it and confirm the login.

    • These people could buy their own for $50, or Google can give them one which costs them $2 each. They get a press release that makes it look like they are tackling cyber crime head-on for $20,000.
    • by EvilSS ( 557649 )

      is it really Google's responsibility to protect these people if they are incapable of doing it themselves?

      Google doesn't want to see headlines and news stories about some high-profile user's Gmail getting "hacked" because they used no or weak 2FA, so they have a vested interest in seeing that doesn't happen. Google sells their Titan FIDO keys starting at $30. Even if they are selling them at zero margin, that's only $300,000 for some preemptive PR.

  • Google, or a three letter agency/the taxpayer? I really don't mind which one, but a little transparency would be nice here.
    • by EvilSS ( 557649 )
      Why would the US pay for these?
