Tags: gmail | hacking | china

Gmail Hackers Had Access to Accounts for Months

Thursday, 02 Jun 2011 07:14 AM

 

  Comment  |
   Contact  |
  Print   |
    A   A  
  Copy Shortlink
SHANGHAI - Hackers who broke into Google's Gmail system had access to some accounts for many months and could have been planning a more serious attack, said the cyber-security expert who first publicly revealed the incident.

Google said suspected Chinese hackers tried to steal the passwords of hundreds of Gmail account holders, including those of senior U.S. government officials, Chinese activists and journalists. [ID:nN01199426]

"They were not sophisticated or new, but they were invasive," said Mila Parkour, who reported the cyberattack on her malware blog in February.

"Emailing phishing messages using details from read personal messages is invasive. Plus, they maintained full email access to mailboxes for a long time," the Washington-based Parkour told Reuters. She uses a pseudonym to protect her identify.

"I covered one; they (Google) took it and uncovered many more of the same kind," she said, noting the method of attack was invasive and targeted.

Parkour was initially involved in investigating one such phishing incident, referring to the practice where computer users are tricked into giving up sensitive information, and then started to gather data on other similar incidents, she said.

 

Google declined to comment on the details of Parkour's report, but a source with knowledge of the matter said there were similarities between the attack she analysed and the rest of the campaign. The source declined to be identified owing to the sensitivity of the issue.

The Internet company, which was also the victim of a sophisticated hacking episode last year, gave no details about the most recent attack other than to say it had uncovered a campaign to collect user passwords, the goal of which was to monitor users' emails.

The company said its Gmail infrastructure had not been compromised.

 

METHOD

Parkour's analysis in February showed that the hackers emailed victims from a fake email address, which purported to be that of a close associate in order to gain their trust. The email contained a link or an attachment.

When the victims clicked on the link or document, they were prompted to enter their Gmail credentials on a fake Gmail login page created to collect usernames and passwords, after which the hackers had full access to their accounts.

In the case that Parkour studied, the victim was unknowingly in contact with the hackers between May 2010 and February 2011 according to email screenshots she posted. He received emails once or twice a month that allowed them to maintain updated access to his inbox.

"The victims were carefully selected and had access to sensitive information and had certain expertise in their area," Parkour said, adding that the victim in the case she studied thought he was replying to someone he knew.

The man had emails sent to him that purported to be from branches of the U.S. government, Parkour said.

One of the emails reads: "My understanding is that the State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike."

Parkour said the Gmail attacks could be a staging ground for a more serious attack using malicious software, or malware. Many of the Gmail accounts were personal email accounts of personnel with access to sensitive information, some of whom could have forwarded their work emails to their personal Gmail accounts.

"Gathered information could help in the next attack, which could be a malware attack , after which the attackers could gain access to corporate and government networks when the victims log in from a compromised PC," she said.

Parkour said evidence of that was found in an antivirus script used by the hackers to reveal what type of software the victim had installed on his computer.

"The only reason you want to know what (version of Microsoft) Office you have and what antivirus you have is to be able to infect it in the future," said Parkour.
 

© 2014 Thomson/Reuters. All rights reserved.

  Comment  |
   Contact  |
  Print   |
  Copy Shortlink
Around the Web
Join the Newsmax Community
Please review Community Guidelines before posting a comment.
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
 
Email:
Country
Zip Code:
Privacy: We never share your email.
 
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus
Around the Web
Top Stories
You May Also Like

New Cuba Relations Makes NKorea Last on Cold War Blacklist

Thursday, 18 Dec 2014 09:57 AM

President Barack Obama's decision to normalize diplomatic relations with Cuba leaves North Korea as the last remaining c . . .

Putin: West Is Trying to Defang the Russian Bear

Thursday, 18 Dec 2014 07:59 AM

President Vladimir Putin struck an uncompromising stance over the crisis gripping Russia, accusing the U.S. and European . . .

Hillary Never Wanted to Trade Cuban Spies For Gross

Thursday, 18 Dec 2014 09:44 AM

Potential GOP presidential candidates Jeb Bush and Marco Rubio were quick to condemn President Obama's exchange of three . . .

Most Commented

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

 
NEWSMAX.COM
America's News Page
©  Newsmax Media, Inc.
All Rights Reserved