Spear phishers target gov, military officials' Gmail accounts
Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists. The accounts may have been compromised using spear phishing techniques in which victims received highly personalized …
Poor security practices
Getting your email compromised is easy peasy, just get that TPS report with an embedded from Tom u know Tom from accounting. Click it and watch that password and contact list go to China before you can say chop suey. Issue is government and corporate email exchange servers are so locked down and filtered now. Webmail is the way to go without the restrictions. So I'm sure Yahoo, Hotmail have the same issues but are just either too scared to admit or don't care.
Why Paris - Cause u can't fix stupid.
MAC-level security?
I think it would help to add a layer of security at the MAC level, but the Google has become extremely closed to suggestions from the morons outside their private little universe. Anyone know an influential Googler who is still interested in the rest of the planet earth?
Re: MAC-level security?
Forgive my ignorance, but the way I understand what you are trying to say is... you can never upgrade or change your device? Every time you change your device you will need to create a new email account?
What about accessing your account from another PC?
Google Apps
Google Apps, if not Gmail, supports multi-factor authentication via SAML, along with network mask filtering and various other features. Though not MAC-level, it's good enough for most organisations. Possibly not senior-level government and military personnel though..
Won't work
For (at least) two reasons:
1. It's not possible to automatically identify non-local MAC addresses. You normally* have to use some sort of protocol, such as InARP.
2. MAC addresses are trivial to spoof. Of course, you'd have to know the valid MAC address, but if someone's accessing Google from a public network, that's not difficult.
* Does Frame Relay support this? I'm not sure. You're not likely to be accessing Google this way.
IT fail
Funny how different people read MAC as:
Media Access Control layer (eg Ethernet) address
Media Access Control layer itself
Message Authentication code (or message integrity code)
Gotta love IT and its multi-purpose acronyms
Or perhaps...
Mandatory Access Control?
http://en.wikipedia.org/wiki/Mandatory_access_control
Removing ambiguities
While there are multiple possible interpretations of MAC (Wikipedia offers almost 100 disambiguations, 12 of them specific to computing and telecommunications), I think there's a clue in the use of the word 'level' in Shannon's phrase "add a layer of security at the MAC level" (not to mention the title).
World War 3?
I'm getting worried about this. The US government and the UK government have been talking big about cyber-warfare in the last few days. This looks like China's response.
Somebody tell me I'm paranoid, please.
WW3
A cyberattack is now a reason for military action, hm, hope this does not go any further. I believe you're not being paranoid.
the advantage
Is that China is a superpower, a nuclear superpower at that, so no military action as it could feasibly lead to MAD; the scenarios are sufficiently well embedded not to need very deep thinking.
"Paranoid?"
OK : You're paranoid.
But only a little. This is a long way from accidental WW3, but it is on the path if they're not careful. Rhetoric about lobbing ordnance down smokestacks as a response to cyber attacks is either an empty threat or a pretty stupid game plan. Just cos China is physically the source of this stuff it doesn't make the Chinese gov responsible - after all, the subject of this story is the ease with which military personnel can be deceived via e-mail, and they could be victims as well.
Perhaps they should find a more secure/verified way of communicating officially within the gov/mil community than bog-standard gmail (or any other similar offering).
You're paranoid.
Just because you're paranoid does not mean they are not out to get you though....
America will never attack China.
Like all bullies they're cowards at heart, they pick on easy targets like Iraq or Afghanistan and not more immediate but well armed threats like North Korea.
America will never attack any country capable of defending itself.
you have got to be kidding me
"senior US government officials, military personnel"
Excuse me, but what the hell are people in these positions doing using Gmail for work related communications?
Probably
...because they are 419ers! Emails from the CIA, FBI and Nigerian Central Bank all come from hotmail, yahoo or gmail addresses!
Ding Ding Ding
Yes friends and neighbors, we have a winner. You beat me to it.
Jesus Hussein Christ, just when you thought someone somewhere in government might have a shred of common sense you learn they're using web email accounts for gov/mil purposes!!!!
Why not just put Sony and HBGary in charge of your network security???
Beer icon 'cause this is enough to make any sane person need several, even at this time of the morning.
Not necessarily work related
Even politicians may have a social life. If you're using Gmail to set up an after work meeting - from a non-secure (in the military sense) network - there's not necessarily anything wrong*. I wouldn't recommend the use of a free public email service to update the nuclear launch codes, however.
* Though I'd ban it, because that's just the sort of security Nazi I am :)
doesn't
Doesn't sound particularly complex, I get dozens of emails like this a week.
Mila Parkour
I wonder if she likes to run across rooftops and jump between buildings?
Of Hacks and Hackers
I see BBC News reported on this this morning. Apparently Google are under a sustained "cyber attack" by "hackers".
What is Google's motive this time???
I wonder what is Google's motive this time round. Last time it was to bash IE6 and try to make people switch to Chrome browser. Is it to move from Windows to Chrome OS this time...
Or maybe...
Just alert their users to a potential threat while at the same time patting themselves on the back for having thwarted it.
And ?
Even my home router gets bored with penetration attempts from machines under the domains of Microsoft and many other major players. Why would the home PC of an Admiral of the Fleet be any different?
I'd not be surprised if it turned out that some high powered pumpkin was controlling a .mil SCADA system from home.
ALF
bye google golly
What? Haven't Google forgotten those servers they left behind in China?
They've been rented out - some Western intelligence agency is hosting software for checking whether there is any (intelligence) left at Google or its long suffering users
After all, no-one else would bother with the US - when there are "softer" targets elsewhere.
Who knows - probably not Chinese - at least they can spell in Chinese and English!
