Hackers likely based in China have attempted to break into hundreds of Google mail accounts, including those of senior US government officials, Chinese activists and journalists, the internet company said.
The unknown perpetrators, who appeared to originate from Jinan in Shandong province, recently tried to breach and monitor email accounts by stealing passwords, but Google detected and “disrupted” their campaign, the world’s largest web search company said on its official blog on Thursday.
“[It] affected what seem to be the personal Gmail accounts of hundreds of users, including among others, senior US government officials, Chinese political activists, officials in several Asian countries [predominantly South Korea], military personnel and journalists”
A senior US military official said it was investigating the claims.
“The Department of Defense (DoD) is aware of press reports about Google’s security breach but has not been contacted directly,” the official told Al Jazeera’s Washington correspondent, Rosalind Jordan.
“However, as the breach involved Gmail, since those are not official DoD e-mail accounts, we are unaware if the targeted individuals are Defense employees. We would refer you to Google regarding details of its announcement, and to the FBI for details about any investigation,” the official said.
The revelation comes more than a year after Google disclosed a cyberattack on its systems that it said it traced to China, and could further strain an already tense relationship between the web giant and Beijing.
That incident also triggered a highly charged debate over the country’s censorship and rigid control of the internet. Google eventually all but pulled out of the world’s largest internet market by users.
“Investors would like to see Google figure out a way to operate in China, and capitalise on the growth of the country,” said Jim Friedland, a Cowen and Co analyst.
“It’s been a tough relationship. And this highlights that it continues to be a tough relationship,” he said.
“We recently uncovered a campaign to collect user passwords, likely through phishing,” Google said in a post on its corporate blog on Thursday. “The goal of this effort seems to have been to monitor the contents of these users’ emails.”
It “affected what seem to be the personal Gmail accounts of hundreds of users, including among others, senior US government officials, Chinese political activists, officials in several Asian countries [predominantly South Korea], military personnel and journalists.”
|In this episode of Fault Lines, Al Jazeera asks if the US is contributing to the militarisation of cyberspace|
The events leading to Google’s withdrawal from China exacerbated an often difficult relationship between Washington and Beijing, with disputes ranging from human rights to trade.
The attacks revealed on Wednesday were also the latest computer-based invasions directed at western companies. The United States has warned that a cyberattack – presumably if it is harmful enough – could result in real-world military retaliation, although analysts say it could be difficult to detect its origin with full accuracy.
Lockheed Martin Corp, the US government’s top information technology provider, said last week it had thwarted “a significant and tenacious attack” on its information systems network, though no signs pointed to a Chinese origin.
The White House said it was looking into the incident.
“We’re looking into these reports and are seeking to gather the facts,” Tommy Vietor, the White House spokesman, said. “We have no reason to believe that any official US Government email accounts were accessed.”
Jenny Shearer, an FBI spokeswoman, said: “We are aware of Google’s announcement regarding attempts to obtain passwords and gain access to these accounts. We are working with Google to review this matter.”
Cyberattacks originating in China have become very common in recent years, said Bruce Schneier, chief security technology officer at telecommunications company BT.
“It’s not just the Chinese government. It’s independent actors within China who are working with the tacit approval of the government,” he said.
|Analyst says cyberattacks originating in China have become very common in recent years [GALLO/GETTY]|
While Google said last year’s attack was aimed at its “corporate infrastructure,” the latest incident appears to have relied on tricking email users into revealing passwords, based on Google’s description in its blog post.
It said the perpetrators changed the victims’ email forwarding settings, presumably secretly sending the victims’ personal emails to other recipients.
Schneier said the details that Google had released about the email hijacking did not appear that unusual.
“For the past five years we’ve known that the Chinese conduct a lot of espionage over the internet,” he said.
The bigger question, he said, was why Google was choosing to publicise this attack now.
The company said it notified the victims and relevant governments.
“It’s important to stress that our internal systems have not been affected – these account hijackings were not the result of a security problem with Gmail itself,” Google said.
The company’s shares finished 0.7 per cent lower at $525.60.