Google to warn 'suspected' state-sponsored targets
- — 06 June, 2012 11:37
- ( 1 Comment )
Google will notify users when it suspects they are being targeted by nation states or their private contractors via a pink ribbon at the top of the page (of a signed-in user).
It will state: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer”.
“When we have specific intelligence — either directly from users or from our own monitoring efforts — we show clear warning signs and put in place extra roadblocks to thwart these bad actors,” said Google’s vice president of security engineering Eric Grosse in a blog post.
It's probably welcome news for likely targets of state-sponsored attacks, but exactly which source of a ‘state-sponsored attack’ will warrant a Google warning is not known.
While attacks are alleged to have been launched from China on Google infrastructure aimed at human rights activists in China, the new warning system follows revelations that the Iran-focussed Stuxnet was a US-sponsored attack, even though that likely fell outside Google's view.
The more recently discovered espionage malware, Flame, which is only known to have targeted a small number of computers in the Middle East, did contain a module that listed Google as one of a dozen email services it would aim to spy on. Its makers have not been identified.
Besides how it decides which attacks to warn customers of, Google is also not revealing anything about the “detailed analysis” it conducts to be confident enough to warn a user that an attack is likely state-funded—and not just a financially motivated phishing or malware attack.
“We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored,” Grosse said.
Google does not guarantee the warning is confirmation the recipient is the target of a state, and could just as likely be a target of a phishing or malware campaign, meaning that it could be the precursor to an actual attack or not state-sponsored at all.
“We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information. And we will continue to update these notifications based on the latest information,” said Grosse.
Follow @CSO_Australia and sign up to the CSO Australia newsletter.
Get exclusive access to CSO, invitation only events, reports & analysis. 
Comments
eroeri
1
Since New York Times recently reported that Stuxnet is a US State Sponsored Cyber virus - which if you recall was accidentally released into the wild and affected and attacked innocent end-user machines as collateral damage, and with the ongoing US-Israeli state sponsored cyber warfare weapons of mass destruction (operation Olympic Games) including the more recent releases of Duqu and Flame virus.... can Google clarify if through its detailed analysis as well as victim reports if Google will apply the same exacting standards and warn end-users (both in the US and abroad, example: Iranian users) of these domestic (US) state sponsored attacks as well? Even if Google was to choose to go the higher route, wouldn't this kind of undermining and subterfuge (however unintentional) really go unnoticed by its host nation? Or are exceptions of convenience made in these cases due to the close ties that Google has with the US intelligence agencies and the confirmed but secret and classified collaboration that the Google has with the CIA and NSA in regards to GMail and Google Accounts? No doubt there is a clear conflict of interest going on here. To me this smells more like Google catering to State Sponsored Propaganda than really caring about the security and privacy of their end-users.