Google Alerts Users to Suspected State-Sponsored Attacks

Player utilities

This story is based on a radio interview. Listen to the full interview.

Audio Transcript:

Marco Werman: Online spying is another kind of cyber weapon. This week, the internet giant, Google, added a feature to alert users who may be targets of what it calls "state-sponsored attackers". Google won't say how it knows a government may be spying on you, but Kim Zetter has an idea what Google is done. She covers privacy and security issues for WIRED magazine.

Kim Zetter: They're monitoring what is normal activity on an account, and so if they see, for example, that access to an account is coming from IP addresses that aren't your normal addresses, that's one hint that someone may have gotten into your account. But another way that they would be determining this is if there are known phishing attacks against users, they would see that. So a phishing attack is when an attacker sends an email to a target, it can often look like it's coming from someone you know, someone you trust, and when you open that email there might be an attachment in there that has malicious code in it or it may have a link to a website where malicious code downloads to your computer without you knowing. And so if Google is monitoring these situations, they might come across a known phishing attack and then if they know that it's state-sponsored, they would notify all users who might have received that email.

Werman: Do you find it strange that Google would focus it's efforts on government spying only? I mean why not spying from other sources?

Zetter: Yeah, I mean that is curious here because a lot of people get their Gmail accounts hijacked all the time for criminal reasons, simply enemies, personal enemies that might get into it, and it's a curious choice that they would choose to notify you for one activity, supposedly state-sponsored, and not for any other kind of fraudulent activity. But this has sort of a precedent in it in that in 2010 Google was hacked and there were some activists or people who were active against China and their accounts were breached. And so there has been a lot of sensitivity, Google in particular, against possible hacking from China and this might be related to that.

Werman: Has Google said if they plan on addressing other forms of spying?

Zetter: No, they haven't. I mean all we've got from this is a brief blog post. They don't explain how they're going to determining whether something is state-sponsored as opposed to criminal and they don't indicate whether or not they plan to expand on this to other kinds of fraudulent breaches.

Werman: What do you think then is the motivation, Google motivation for warning subscribers that they're being spied on by a government?

Zetter: Well, I think that there's increased concern after their hack in 2010 and a lot of fingers pointed to China in that case. I think there's a concern that activists in oppressive regimes are at particular risk in this case and I think that Google kind of wants to be seen as doing its part to protect them.

Werman: Now, for users who may be spied upon, explain what kind of notification they would receive if, in fact, Google thinks they're being spied on by a government.

Zetter: Yeah, it's just a little message that will appear at the top of your account on the front page. It's black type on a pink background saying that, it's like a warning saying that they've detected that your account might be targeted by state-sponsored attackers. Google has suggested changing passwords and updating software on your systems to protect against an attack, but that's pretty much all they're doing. I mean the message is a bit obscure because if I got that on my account I would be a bit shocked by it, and I think most people will be and probably won't quite know what to do about it.

Werman: Right. I mean they won't be expecting it and wouldn't they think it's somebody trying to scam them?

Zetter: Exactly. That was my initial reaction, was that this was going to be spoofed by attackers.

Werman: You know, there's an assumption that US government agencies do a fair amount of cyber spying. So, in theory, if you're a Google subscriber in Iran, would Google then let you know that the CIA is looking into your stuff?

Zetter: Yeah. I mean that's the big question here. Is Google going to be selective about who it notifies? If it knows for instance that some kind of activity is coming from the US, would it still notify users? They haven't answered that question. It's also the question of where they're getting their information from. Google, after it was hacked in 2010, developed a partnership with the NSA. Is it possible that they might know about some of the state-sponsored hacking through intelligence that the NSA provides them?

Werman: You know, Kim, what I find kind of ironic is that the whole premise of this, as it comes from Google, is "We know when the governments are spying on you". So does that mean Google is more powerful ultimately than the CIA or the NSA?

Zetter: Well, yeah, I mean who knows? Again, if there's a partnership with the NSA and the NSA is providing them with intelligence, then intelligence might simply be limited to, "Hey, there's a phishing attack going on from this email account. If any of your customers are receiving this email, you might want to let them know." That might be the limits of the intelligence that they're getting and not much more than that.

Werman: Kim Zetter of WIRED magazine. Thank you very much.

Zetter: You're welcome.