Google E-mail Hacked by China?U.S. Gov. Officials Allegedly Targeted by Phishing Campaign
"The Chinese government has always opposed any criminal activity that tries to harm the internet and computers, including hacking, and will punish these crimes according to the law," says Hong Lei, Chinese foreign affairs spokesman, denying Google's claim. "Hacking attacks are an international problem, and China is also a victim. The so-called allegation that the Chinese government supports hacking is completely fabricated with ulterior motives."
Google on June 1 alleged that Chinese hackers attacked the Gmail accounts of several hundred U.S. officials, including military personnel, in an effort to obtain passwords and monitor the accounts.
"Through the strength of our cloud-based security and abuse detection systems, we recently uncovered a campaign to collect user passwords, likely through phishing," says Eric Grosse, engineering director for the Google Security Team, in a press release posted to Google's website.
The White House, in a press briefing June 2, denied that any U.S. government e-mail accounts had been compromised, noting that the Federal Bureau of Investigation is reviewing the Google hack. "We have no reason to believe at this point that any official U.S. government e-mail accounts were accessed," said White House spokesman Jay Carney.
Google says it detected and stopped the phishing campaign, which aimed to take users' passwords and monitor their e-mail activity.
"This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries [predominantly South Korea], military personnel and journalists," Grosse says in the Google statement, adding that Google's internal systems have not been affected.
The White House's National Security Council is looking into Google's allegations and says it's working with the FBI to investigate the situation.
Google, meanwhile, offers these tips to its customers:
- Enable two-step user verification.
- Use a strong password for Google that you do not use on any other site.
- Enter your password only into a proper sign-in prompt on a https://www.google.com domain.
- Check your Gmail settings for suspicious forwarding addresses or delegated accounts.
- Watch for the red warnings about suspicious account activity that may appear on top of your Gmail inbox.
- Review the security features offered by the Chrome browser.