Search engine company Google has alerted hundreds of Gmail users after it found that Chinese hackers have stolen login details of Chinese political activists and several senior US and South Korean government officials, including top military personnel and journalists.
Google has clarified that its security was not breached and that hackers duped users to obtain the passwords. The company said officials in other Asian countries were also targeted in the attack.
Google said that the hackers aimed to take complete control of users’ email accounts. It said the fraud took place through targeted ‘phishing’ attack originating from Jinan, the capital of Shandong province.
Google added that though there is no direct evidence that the Chinese government was involved in the fraud, there is a possibility of the attack being state-sponsored.
"Google detected and has disrupted this campaign to take users’ passwords and monitor their emails," the company said. "We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."
Malcolm Marshall, KPMG’s UK Head of Information Security said that while businesses can do plenty to defend themselves users must also play their part.
"Today’s announcement by Google provides more evidence that the threat landscape has changed irrevocably. No longer is e-crime driven by profit motive alone – the evolution of the criminal hacker into state-sponsored attackers and politically motivated hacktivists means money is often no longer an object. This raises the stakes significantly – and simply defending systems against attack will not be enough when faced with state-sponsored interests."
He suggests three steps users should take to improve their email security. "The old advice is the best so don’t open links you don’t recognise. Be dubious about being friended by contacts from the dim past or who you don’t know and Don’t feed the whale and spear phishers by giving confidential information away on your LinkedIn and Facebook pages."
