2 Jun 2011

Google emails hacked as cyber war escalates

Google says US officials, military personnel and journalists have had their email accounts compromised by Chinese hackers, as major US defence contractors also admit further security breaches.

Google mail hacked (reuters)

Google has tracked the hackers to the Shandong province of central China. In addition to foreign targets, it is claimed Chinese political activists have come under attack.

A spokesman said: “Google detected and has disrupted this campaign to take users’ passwords and monitor their emails.

“We have notified victims and secured their accounts. In addition, we have notified relevant government authorities.”

The specific targets are people whose emails might have contained sensitive and secret information, raising the prospect that the attacks are cyber espionage.

Phishing and malware scams, in which large numbers of users and websites are subject to random attack, are not a new phenomenon. What sets this attack apart is that the hacks were targeted, with the perpetrators using stolen passwords to enter email accounts and change the targets’ forwarding and delegation settings.

The White House is investigating, but officials are confident that no US Government personnel have been targeted.

But Google believes that the list of those attacked does actually include US Government officials, as well as Chinese political activists, officials in governments across south east Asia, military personnel and journalists.

If you shut down our power grid, maybe we will put a missile down one of your smokestacks. Pentagon spokesman

The company says it has contacted all those affected and is working closely with affected governments. It has confirmed that one of the attacked emails had the subject: “Fw: Draft US-China Joint Statement”.

China’s foreign ministry has already distanced itself from any connection with the hackers.

Spokesman Hong Lei said: “Hacking is an international problem and China is also a victim. The claims of so-called support for hacking are completely unfounded and have ulterior motives.”

The issue of cyber warfare has escalated in recent weeks, with US officials declaring that a deliberate hack to obtain sensitive or secret information is an “act of war”.

One Pentagon spokesman told the Wall Street Journal: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

More from Channel 4 News: China admits cyber warfare unit

Shandong province was the location of cyber attacks in February, when Google and major US companies were hit. The source of the hacking was allegedly traced to two schools, Jiaotong University in Shanghai and the Lanxiang Vocational School in the Shandong Province – two of the most advanced centres of IT learning in China, with connections with national security projects.

In 2008 Shandong TV reported that the Lanxiang School had established a community-based armed unit, with its students working as technical support. The attacks are believed to have begun as long ago as April 2010.

High-profile US defence and intelligence contractor L-3 Communications admitted on Wednesday it had been a victim of hacking. It follows the reported hacking in May of Lockheed Martin, a major provider of IT services to the US Government and military.

Fox News also reported that major US defence contractor Northrop Grumman, manufacturer of the Predator and Reaper drone weapons, is also believed to have had a security breach after the company disabled remote access to its network without warning on 26 May.

How to avoid hacking - two-step verification

Google has issued advice on how to avoid hacking, ranging from keeping a unique and updated password to the more successful extra measure of two-step verification.

Websites using the two-step system require the user to have their phone on their person when logging in. After password and username has been entered, a further page requests a code to verify account details that is sent to a registered mobile phone.

As more websites require log-in details and registration, internet users are becoming less secure with their passwords, using more generic or obvious log-in details across all of their accounts without knowing whether the sites have low or high security. The targeted attacks could have obtained passwords from a number of sites before using them to enter Gmail accounts.