Google starts warning users of state-sponsored computer attacksby Dan Goodin, arstechnica.com
June 5th 2012 4:06 PM
Google unveiled a service that automatically displays a warning to users who may be the target of state-sponsored phishing or malware attacks.
Company representatives aren't saying precisely what criteria is used to determine when a particular attack is sponsored by a government actor, because that information could be used to evade detection. They went on to say very generally that the company relies on "detailed analysis" and victim reports that "strongly suggest the involvement of states or groups that are state-sponsored."
The warning comes in the form of a red banner just above the Google search bar that reads: "Warning: we believe state-sponsored attackers may be attempting to compromise your account or computer." It includes a link to information users can use to help lock down their computers, smartphones and Google accounts.
The warnings are being rolled out after Google users have been hit by several high-profile attacks that show evidence of being sponsored by governments in China and Iran. In early 2010, for instance, the Web giant said it was the victim of a "highly sophisticated and targeted attack" that originated in China and stole information about human rights activists who used the company's Gmail service. Last June, Google said it detected a targeted campaign to collect hundreds of personal Gmail passwords belonging to senior US government officials. And in August, a fraudulent secure sockets layer certificate for the Google domain was discovered. Later analysis revealed that it was used to spy on more than 300,000 users, most of whom were located in Iran.
"We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information," Google Vice President of Security Engineering Eric Grosse wrote in a blog post published Tuesday. "And we will continue to update these notifications based on the latest information."
The new advisories augment warnings the site already provides users when their accounts show unusual activity, such as logins from foreign countries.
Shared from Read It Later