China denies role in Gmail account attacks

Calls Google's accusations "fabricated with ulterior motives"; FBI to investigate

A Chinese official today denied accusations that the government was responsible for attacks that accessed hundreds of Google Gmail accounts.

"The so-called allegations that the Chinese government supports hacking is completely fabricated with ulterior motives," said Hong Lei, a spokesman for the Ministry of Foreign Affairs, in a Beijing press briefing today.

On Wednesday, Google announced it had disrupted a targeted phishing campaign designed to hijack Gmail accounts belonging to senior U.S. and South Korean government officials, military personnel, Chinese activists and journalists.

Google said it had traced the identity theft attacks to Jinan, China, a city in eastern China that was linked to the December 2009 attacks on Google's network. Those attacks eventually prompted Google to transfer its search engine from China to Hong Kong.

According to the Reuters news service, the U.S. is looking into Google's claims.

"We are obviously very concerned about Google's announcement regarding a campaign that the company believes originated in China," Secretary of State Hillary Clinton told reporters Thursday. "We take them seriously, we're looking into them."

The Federal Bureau of Investigation (FBI) will lead the inquiry, Clinton indicated. The FBI did not reply to Computerworld's request for comment on the investigation.

Lei also called Google's accusations "unacceptable," and said "China is also a victim" of hacking.

But the most caustic comments came from Xinhua News Agency, the Chinese government's official press arm.

In an editorial published on the agency's Web site, Yang Lina blasted Google, saying it was "lash out at others without solid proof to support its accusation" and calling the U.S. company's complaint "chimerical."

"Furthermore, it is not appropriate for Google, a profit-first business, to act as an Internet judge," said Lina.

Google credited its internal abuse detection systems, designed to warn it of suspicious behavior by Gmail accounts, for kick-starting its investigation, but also gave a tip of the hat to Mila Parkour, a Washington D.C.-based independent security researcher who reported on the Gmail phishing campaign in mid-February.

Unlike the attacks in late 2009 that targeted Google and dozens of other Western corporations, the phishing campaign did not try to plant malware on victims' PCs, said Parkour today.

The earlier attacks, dubbed "Aurora," had exploited a then-unpatched vulnerability in Internet Explorer 6 (IE6) to let hackers infiltrate Google's corporate network and make off with confidential information.

But Parkour noted that the phishing attacks included components that sniffed out the antivirus software on victims' computers, perhaps for follow-up assaults. "Their script gathered info about the installed AV type, probably for real malware attacks later," Parkour said in an email reply to questions.

Parkour did not report her findings directly to Google -- "It was not a zero day, just some old way to dupe," she said -- but simply posted her findings on her Contagio Malware Dump blog.

Among the emails Parkour uncovered were ones that spoofed sending addresses from the U.S. Department of State and the Office of the Secretary of Defense, hinting that the targets worked in the same agencies.

Parkour was most concerned with the attack's aggressiveness and its attempt to hijack Gmail accounts, which then gave the hackers the ability to either read the messages directly in the inbox or secretly forward selected messages to a secondary account.

"It is an old-school approach, but it worked and worked well," she said.

Sam Masiello, chief security officer at Return Path, a New York City-based email certification company, agreed that the Gmail phishing campaign was nothing new.

"It was no different than any other phishing campaign other than the type of people who were being victimized," said Masiello, who pointed out that, contrary to some headlines yesterday, neither Google nor Gmail was hacked.

"There was no vulnerability in Gmail," Masiello said. "But these types of folks have access to a lot of privileged information."

Masiello also noted that once the hackers had a victim's Gmail account password, they could try to hijack his or her official government or military account using that same password. "Some people do have a habit of using the same password for multiple sites and accounts, so there could be a potential tie there, as well," said Masiello.

Google said it had notified victims and secured their accounts. The company also spelled out steps all Gmail users can take to better protect themselves against phishing attacks.

"There is no such thing as too many reminders and too much user education," said Parkour. "It helps especially when [people] see how easy it is to fall for simple tricks."

Google declined to comment about the attacks or the timetable of its investigation, and instead pointed to the Wednesday blog post by Eric Grosse, the director of engineering on Google's security team.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is
