Google: We caught a Russian state hacker crew uploading badness to the Play Store

Google has said it fired off 12,000 warnings to unlucky users of its Gmail, Drive and YouTube services telling them it believes they're being phished by state-backed hackers. The ad tech firm’s Threat Analysis Group (TAG) said in a blog post that between July and September it told people in 149 countries around the world that …

  1. Mark192

    Huh, so the hackers are not interested in me, just talking to me to get to my friends.

    Story of my life :(

    1. KittenHuffer Silver badge

      I'm safe then cos for security reasons I have no friends!

      1. Anonymous Coward

        I'm safe then cos for security reasons I have no friends!

        Don't tell anyone else about this. OP used to have a lot of friends, but for security reasons th

        [Signal Lost]

  2. Anonymous Coward

    Worry about the ones they don't catch.

  3. Anonymous Coward

    A Breakdown would be nice.

    I'd be interested in a table of which government to how many phishing attempts they sponsored.

  4. chuckufarley

    About nomenclature notes...

    ...So I was thinking (I know, I know, but if I try I might get it right) that instead of using all of these different names each group should just get a number. We could call it almost anything except "The Common Villain Enumerator" and have a web site dedicated to maintaining a centralized database of their activities so the world can more easily track them.

    1. Richard 12 Silver badge

      Re: About nomenclature notes...

      Call it the Villain Index List of Evildoers, then send Carmen Sandiego after them.

  5. Anonymous Coward

    Hacking into YouTube eh?

    No biggie.

    It's not like they are compromising any elections.....

    Oh wait.

  6. Blockchain commentard Silver badge
    Facepalm

    Simplified naming system....

    Hacker group A - the Chinese gov't

    Hacker group B - the North Koreans

    Hacker group C - the Russians

    Hacker group E - that Israel company

    Hacker group F - spotty faced kid, living in his mum's basement, doing it for LOLs.

    Edited. Where did Hacker group D go? Damn interfering NSA.....

    1. Captain Scarlet Silver badge
      Alien

      Hmm, appears someone also removed GCHQ from your list.

      I blame aliens!

        1. Anonymous Coward

        @Captain Scarlet

        I blame aliens!

        If by "alien" you mean foreigners, so do the US and UK authorities.

        1. Captain Scarlet Silver badge
          Alien

          Re: @Captain Scarlet

          Blast, you got me: everyone not from Mars is an Alien. Blast you, Anonymous Alien!

          We will be avenged!

      2. Anonymous Coward

        No, he just hadn't finished.

        A,B,C,D,E,F,GCHQ

  7. Archtech Silver badge

    The usual question applies...

    What concrete evidence is there that a "state-sponsored group" was responsible, let alone a Russian one?

    We are always told (more or less) the same thing: in this case, "TAG went on to highlight a Russian state-sponsored hacking crew named Sandworm* which in 2017 started deploying Android-based malware to the Google Play store..."

    So apparently these Sandworm guys were left to their own devices for (at least) two years before Google's clever "TAG" people even got around to issuing a press release.

    What I would like to see is the specific technical evidence that shows those attacks to be "state-sponsored", let alone attributed to any particular state. I mean, given nothing to work with but the actual software and the event logs, how would you go about eliminating... say... the CIA or NSA from the list of suspects? Given that they might see fit to hire people working in any country in the world, pay them in any currency, and insist that all documentation and communication be done in (say) Russian?

    Towards the end of the article, the author finally begins to make some sense:

    "The wildly unchecked proliferation of different names for hacking crews is intended mainly as a marketing gimmick to make threat intel companies appear to be first with the latest news about FancyAPT007PandaSeaTeamCalc!heeheeCr3wBlurt and to drown out the fact that there’s a score of competing firms all tracking the same threats. This is incredibly frustrating for anyone trying to figure out whether this week’s Big Scary Thing is actually the same one from last week but under a different name".

    In other words, corporations like Google issue these announcements as, essentially, marketing material. Moreover, Google - which has immense contracts with the US government - is certainly not going to point the finger at Uncle Sam. More likely Washington's self-appointed enemy du jour, which is... (no prizes for guessing).

    1. Charlie Clark Silver badge

      Re: The usual question applies...

      What concrete evidence is there that a "state-sponsored group" was responsible, let alone a Russian one?

      It's not as if Russia goes out of its way to conceal such activities apart from the occasional denial. But this is generally low-level interference with a general aim of sowing confusion and shouldn't be, er, confused with proper snooping programs that all of the major governments are involved in. In a sense, Russia wants these kinds of attacks to be discovered, though it also wants them to be sophisticated enough to be difficult to block.

      Sure, the various agencies of the US security services engage routinely in all kinds of dirty tricks, no doubt including low-level identity theft like this. But it also has things like GCHQ and Five Eyes to make mass surveillance easier. The constitution places a few obstacles in the way of spying on US citizens, but this is where cooperation with Israeli companies gives them plausible deniability.

      The risk with the US is probably down to the sheer size of its budget. DARPA has for years been able to bankroll all kinds of whackjob ideas, and Chris Morris' new film is based on true stories of the security services attempting to make domestic terrorists in the absence of the real ones. But the aims are still too vague: it's still largely about stoking fear amongst the citizenry. Though with most of the funding being non-discretionary, it's not as if they need to worry much about their budgets.

      1. Chris DC

        Re: The usual question applies...

        Nasty old Ruskies eh?

        It’s a good job the Americans are squeaky clean.

    2. CrazyOldCatMan Silver badge

      Re: The usual question applies...

      What concrete evidence is there that a "state-sponsored group" was responsible

      It's usually in what the 'hackers' are after. If they are looking to syphon money/bitcoin out of you (and are going after login credentials to PayPal/banks et al.), they are probably not state-sponsored.

      If they are going after specific Government/State data or election/voting data (and targeting specific public-sector organisations or targeting political opinion) they are almost certainly state-sponsored.

      Looking at what they are stealing (and who from) is pretty diagnostic.

  8. Anonymous Coward

    The power of code signing?

    “This just shows the power of code signing, it’s like a god that machines trust blindly”

    Seems like a good idea for compiling your own source code?

    1. A.P. Veening Silver badge

      Re: The power of code signing?

      Seems like a good idea for compiling your own source code?

      Can you trust the compiler? And can you trust the compiler for the compiler source?

  9. an0n1m0us

    This makes sense since many phishing scams come from Russia. I've tracked IPs to many locations in Russia.

    1. KittenHuffer Silver badge

      In Soviet Russia, IPs track you!

        1. Anonymous Coward

        They have big IP, strong IP...covered in bears.

        In Russia there is 5 octet address scheme. We call TCCCP/IP.

    2. CrazyOldCatMan Silver badge

      I've tracked IPs to many locations in Russia

      The benefit in running my own proper firewall is that I can block traffic from country IP ranges (currently blocking Russia, China, N. Korea, Saudi Arabia and Iran). Thinking about blocking Brazil because I'm seeing an increasing number of attacks from there.

      Blocking those more than halves the probes hitting the firewall and triggering the intrusion detection system.
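The country-range blocking described in the post above, as an added illustration that is not part of the original thread: a handful of constructed firewall log lines are matched against a constructed per-country prefix table (RFC 5737 documentation networks standing in for real geo-IP feeds) to measure how many inbound probes such a rule would have dropped.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for a geo-IP feed. Real feeds map each country to
# thousands of prefixes; these are documentation nets, not real allocations.
COUNTRY_RANGES = {
    "RU": [ipaddress.ip_network("203.0.113.0/24")],
    "CN": [ipaddress.ip_network("198.51.100.0/25")],
    "BR": [ipaddress.ip_network("192.0.2.128/25")],
}
BLOCKED = {"RU", "CN"}  # BR is only "under consideration", as in the post

# Constructed probe log: "<timestamp> PROBE <src_ip> -> <dst_port>"
SAMPLE_LOG = """\
2019-10-27T01:00:01 PROBE 203.0.113.7 -> 22
2019-10-27T01:00:03 PROBE 198.51.100.9 -> 445
2019-10-27T01:00:05 PROBE 192.0.2.200 -> 3389
2019-10-27T01:00:07 PROBE 203.0.113.99 -> 23
2019-10-27T01:00:09 PROBE 10.0.0.5 -> 80
2019-10-27T01:00:11 PROBE 198.51.100.250 -> 22
"""

def country_of(ip):
    """Longest-match is unnecessary here: prefixes do not overlap."""
    addr = ipaddress.ip_address(ip)
    for cc, nets in COUNTRY_RANGES.items():
        if any(addr in net for net in nets):
            return cc
    return None  # address not in any listed country range

def simulate(log, blocked=BLOCKED):
    """Return (total probes, probes a country rule would drop, per-country counts)."""
    total = dropped = 0
    per_country = Counter()
    for line in log.splitlines():
        src = line.split()[2]           # third field is the source address
        total += 1
        cc = country_of(src)
        per_country[cc or "unknown"] += 1
        if cc in blocked:
            dropped += 1
    return total, dropped, per_country

if __name__ == "__main__":
    total, dropped, by_cc = simulate(SAMPLE_LOG)
    print(f"{dropped}/{total} probes dropped by country rule; breakdown {dict(by_cc)}")
```

Country blocking is a noise reducer rather than a targeting defence: anything routed through infrastructure in an unblocked country, or not covered by the feed at all (the last log line here), still reaches the IDS.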

  10. Eric Olson
  11. Anonymous Coward

    warnings lol

    only "12,000 warning" emails? but they removed 170,000+ malicious apps last year, shouldn't everyone that had those get a warning email?

    never mind, I know it's just a feel good PR stunt.

  12. Anonymous Coward

    That's fine as long as the shared spreadsheet isn't on Google Docs.

    Has anybody noticed this only happens on the Google Play store? Sounds like a very good reason to not do Android. *waits for torrent of abuse*.

    There's a price for getting something for nothing, hint - you DON'T, the product is YOU, what you search for, when you search for it. Kind of violates the 'don't be evil' principle doesn't it?

    Think I'll go back to a retro phone that does nothing but SMS and make phone calls, you know the sort of thing a mobile was actually invented for.

  13. Chris DC

    State sponsored ?

    And how do we know this event was state sponsored?? Or did Google just decide it was??

    1. Archtech Silver badge

      Re: State sponsored ?

      The article doesn't mention anything that even resembles concrete evidence.

      As with Iraq's WMD, as with Gaddafi's Viagra and murderous intentions, as with Syria's sarin and chlorine gas, as with MH17, as with the Skripal affair, it's always "no actual evidence, but we are quite sure anyway".

      Maybe if people were fired and otherwise punished for drawing baseless conclusions when it is the essence of their job to provide reliable information, it might happen less.

      Today the opposite happens: those who draw unwarranted conclusions *of the right sort* get pay rises, promotions, honours, potentially protection from the law, and wealthy and comfortable retirement.

Biting the hand that feeds IT © 1998–2019