Feeds

back to article Spear phishers target gov, military officials' Gmail accounts

Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists. The accounts may have been compromised using spear phishing techniques in which victims received highly personalized …

COMMENTS

This topic is closed for new posts.
Paris Hilton

Poor security practices

Getting your email comprimised is easy peasy, just get that TPS report with an embeded from Tom u know Tom from accounting. Click it and watch that password and contact list go to China before you can say chop suey. Issue is govement and Cororate email exchange servers are so locked down and filtered now. Webmail is the way to go with out the restrictions . So im sure Yahoo, Hotmail have the same issues but are just either too scared to admit or dont care.

Why Paris - Cause u cant fix stupid.

2
2
Bronze badge
Pirate

MAC-level security?

I think it would help to add a layer of security at the MAC level, but the Google has become extremely closed to suggestions from the morons outside their private little universe. Anyone know an influential Googler who is still interested in the rest of the planet earth?

0
5
Facepalm

Re: MAC-level security?

forgive my ignorance, but the way I understand what you are trying to say is... you can never upgrade or change your device? Every time you change your device you will need to create a new email account?

what about accessing your account from another PC?

1
0
Anonymous Coward

Google Apps

Google Apps, if not gmail supports multi-factor authentication via SAML, along with network mask filtering and various other features. Though not MAC-level, it's good enough for most organisations. Possibly not senior-level government and military personnel though..

0
0
Silver badge

Won't work

For (at least) two reasons:

1. It's not possible to automatically identify non-local MAC addresses. You normally* have to use some sort of protocol, such as InARP.

2. MAC addresses are trivial to spoof. Of course, you'd have to know the valid MAC address, but if someone's accessing Google from a public network, that's not difficult.

* Does Frame Relay support this? I'm not sure. You're not likely to be accessing Google this way.

2
0
FAIL

IT fail

Funny how different people read MAC as:

Media Access Control layer (eg Ethernet) address

Media Access Control layer itself

Message Authentication code (or message integrity code)

Gotta love IT and it's multi-purpose acronyms

1
0
Boffin

Or perhaps...

Mandatory Access Control?

http://en.wikipedia.org/wiki/Mandatory_access_control

2
0
Silver badge
Facepalm

Removing ambiguities

While there are multiple possible interpretations of MAC (Wikipedia offers almost 100 disambiguations, 12 of them specific to computing and telecommunications), I think there's a clue in the use of the word 'level' in Shannon's phrase "add a layer of security at the MAC level" (not to mention the title).

0
0
Black Helicopters

World War 3?

I'm getting worried about this. The US government and the UK government have been talking big about cyber-warfare in the last few days. This looks like China's response.

Somebody tell me I'm paranoid, please.

0
0

WW3

A cyberattack is now a reason for military action, hm, hope this does not go any further. I believe you're not being paranoid.

1
0
Boffin

the advantage

Is that China is a superpower, a nuclear superpower at that, so no military action as it could feasibly lead to MAD; the scenarios are sufficiently well embedded not to need very deep thinking

1
0
Silver badge

"Paranoid?"

OK : You're paranoid.

But only a little. This is a long way from accidental WW3, but it is on the path if they're not careful. Rhetoric about lobbing ordnance down smokestacks as a response to cyber attacks is either an empty threat or a pretty stupid game plan. Just cos China is physically the source of this stuff it doesn't make the chinese gov responsible - after all, the subject of this story is the ease with which military personel can be deceived via e-mail, and they could be victims as well.

Perhaps they should find a more secure/verified way of communicating officially within the gov/mil community than bog-standard gmail (or any other similar offering).

2
0
Big Brother

You're paranoid.

Just because you're paranoid does not mean they are not out to get you though....

0
0
Anonymous Coward

America will never attack China.

Like all bullies they're cowards at heart, they pick on easy targets like Iraq or Afghanistan and not more immediate but well armed threats like North Korea.

America will never attack any country capable of defending itself.

2
1
FAIL

you have got to be kidding me

"senior US government officials, military personnel"

excuse me but what the hell are people in these positions doing using Gmail for work related communications.

8
0

Probably

...because they are 419ers! Emails from the CIA, FBI and Nigerian Central Bank all come from hotmail, yahoo or gmail addresses!

1
0
Pint

Ding Ding Ding

Yes friends and neighbors, we have a winner. You beat me to it.

Jesus Hussein Christ, just when you thought someone somewhere in government might have a shred of common sense you learn they're using web email accounts for gov/mil purposes! ! ! !

Why not just put Sony and HBGary in charge of your network security???

Beer icon 'cause this is enough to make any sane person need several, even at this time of the morning.

1
0
Silver badge

Not necessarily work related

Even politicians may have a social life. If you're using Gmail to set up an after work meeting - from a non-secure (in the military sense) network - there's not necessarily anything wrong*. I wouldn't recommend the use of a free public email service to update the nuclear launch codes, however.

* Though I'd ban it, because that's just the sort of security Nazi I am :)

2
0
Anonymous Coward

doesn't

Doesn't sound particularly complex, I get dozens of emails like this a week.

1
0
Joke

Mila Parkour

I wonder if she likes to run across rooftops and jump between buildings?

0
0
Silver badge
Facepalm

Of Hacks and Hackers

I see BBC News reported on this this morning. Apparently Google are under a sustained "cyber attack" by "hackers".

0
0
Thumb Down

What is Google's motive this time???

I wonder what is Google's motive this time round. Last time it was to bash IE6 and try to make people switch to Chrome browser. Is it to move from Windows to Chrome OS this time...

1
3
Silver badge
Facepalm

Or maybe...

Just alert their users to a potential threat while at the same time patting themselves on the back for having thwarted it.

0
0
Mushroom

And ?

even my home router gets bored with penetration attempts from machines under the domains of Microsoft and many other major players. Why would the home PC of an Admiral of the Fleet be any different ?

I'd not be surprised if it turned out that some high powered pumpkin was controlling a .mil SCADA system from home.

ALF

0
0
Holmes

bye google golly

What? Haven't Google forgotten those servers they left behind in China?

They've been rented out - some Western intelligence agency is hosting software for checking whether there is any (intelligence) left at Google or its long suffering users

After all, no-one else would bother with the US - when their are "softer" targets elsewhere.

Who knows - probably not Chinese - at least they can spell in Chinese and English!

1
1

This post has been deleted by a moderator

This topic is closed for new posts.