Science, Tech & Environment

Google warns users of suspected state-sponsored hacks


Google's warning message indicates attackers are trying to compromise the user's Google account or computer. (Image by Fitoschido via Wikimedia Commons.)

Google recently added a new feature to alert users who may be targets of what it calls state-sponsored attacks.

Player utilities

Listen to the Story.

The Internet giant said it would issue an alert to compromised users when they are logged into their Google Account.

Though Google won’t say how it knows a government might be spying on you, reporter Kim Zetter, who covers privacy and security issues for WIRED Magazine, has an idea.

“They’re monitoring what is normal activity on an account. If they see, for example, that access to an account is coming from IP addresses that aren’t your normal addresses, that’s one hint that someone may have gotten into your account,” Zetter said. 

She said another way that could determine if a user is being spied on is through monitoring what are known as phishing attacks.

A phishing attack is when an attacker sends a legitimate-looking email to a user, but that can then either induce the user to provide login information or download malicious code on their computer, allowing the attacker to collect the personal information.

“If Google is monitoring these situations, they might come across a known phishing attack, and then if they know that it’s state-sponsored, they would notify all users who might have received that e-mail,” Zetter said.

Google has made an unprecedented move in focusing its efforts on government spying over other sources of security breaches, and in providing alerts for users who may be targets.

But Zetter said this kind of alert has a sort of precedence. In 2010, Google was hacked, and the Gmail accounts of various Chinese political activists were breached. Since then, Zetter said, there’s been a lot of sensitivity at Google in particular against possible hacking from China, and this new alert might be related to that.

“I think that there’s increased concern after their hack in 2010, and a lot of fingers pointed at China in that case. There’s a concern that activists in oppressive regimes are at particular risk in this case, and I think that Google wants to be seen as doing its part to protect them,” Zetter said.

If Google thinks you are being spied on, a message will appear at the top of your account on the front page saying that your account may be targeted by state-sponsored attackers.

An attached link will suggest actions to protect your data from being hijacked such as changing passwords and updating software on your system to protect against an attack.  

However, Zetter has concerns.

“The message is a bit obscure. I think most people will be a bit shocked and probably won’t know what to do about it,” she said.

There’s also the assumption that U.S. government agencies do a fair amount of their own cyber spying.

“That’s the big question here — is Google going to be selective about who it notifies? If it knows for instance, that some kind of activity is coming from the U.S., would it still notify users? They haven’t answered that question,” Zetter said.

It is also unclear where Google is getting its information. After Google was hacked in 2010, it developed a partnership with the U.S. National Security Agency. The concern lies with the fact that Google might know about some of the state-sponsored hacking through intelligence the NSA provides.

If the NSA is providing Google with intelligence, then that intelligence may be limited. Google knows that's an issue.

"You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis — as well as victim reports — strongly suggest the involvement of states or groups that are state-sponsored," Google said in a statement.

Google has not said if it plans on addressing other forms of spying or if it will notify users if it has reason to believe the U.S. is involved in any government-sponsored attacks.