Google is using automated warnings to alert users of its GMAIL messaging service about wide spread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks or simply random attacks. Victims include one leading privacy activist.
Warnings appeared when users logged onto Gmail, encountering a red banner reading “Your account was recently accessed from China,” and providing a list of IP addresses used to access the account. Users were then encouraged to change their password immediately. Based on Twitter posts, there doesn’t seem to be any pattern to the accounts that were accessed, though one target is a prominent privacy rights activist in the UK who has spoken out against the Chinese government’s censorship of its citizens.
A Google spokesman declined to comment on the latest warnings specifically. The company has been issuing similar warnings since March when it introduced features to identify suspicious account activity.
Alexander Hanff of Privacy International in the UK said he saw the warning when he accessed a GMAIL account Thursday morning. Hanff set up the personal account, which he created in 2005 when he operated the Torrent Web site DVDR-Core, an early target of the Motion Picture Association of America in its battle to stop copyright piracy. Hanff said he immediately changed the password, at Google’s suggestion, and said the attempts to access his account from China were recent – occurring within the past couple months.
He only rarely accesses the account and does not use it for e-mail related to his work for Privacy International. Still, he said the account is easily discoverable online for those looking to contact him via e-mail, which might have made it a target.
However, a survey of other GMAIL users who were warned suggests that the China-based attacks were widespread and lacked a clear pattern. Andrew Turnbull, editor of The Extraordinary Marketing Blog and a recent business school graduate from Alberta, Canada was one. Others included media consultants, doctors and gamers from the U.S., Canada, Columbia and countries in Europe – most without any clear personal or professional connection to China.
Hanff, of Privacy International, said he believed the three attacks on his account were random, not targeted at him as a privacy rights advocate. Those who accessed his account wouldn’t have had access to any sensitive information related to his work for Privacy International, but would have found “a hell of a lot of spam,” Hanff said.
However, he acknowledges that he may have come to the attention of the Chinese Government after a speech he gave at a EU-China Human Rights Network seminar that was attended by high level Chinese government officials. Hanff said he spoke about issues such as freedom of speech, differences between Europe and China and China’s record of suppressing free speech.
Its not clear how the accounts were compromised. It is known that Google and its GMAIL messaging system, along with the networks of other high profile U.S. and European firms, were the targets of attackers believed to be affiliated with the Chinese Military. Those attacks, code named “Aurora” temporarily caused a rift in relations between the search giant and the Chinese government, with Google suspending all filtering of its search results in China. Recently, experts have warned that a new round of attacks similar to the original Aurora attacks had been detected, though its unclear if the e-mail hacking is related to that wave of activity.
Hanff, along with other users, said he appreciated the warning.
“For once google did something ethical. I was suprirsed to see that,” he told Threatpost.com. However, Hanff said offering a feature to limit account access by IP address would do more to remove the threat of attacks such as the one his account suffered.