Google Warning Gmail users on China Spying Attempts

Google is using automated warnings to alert users of its GMAIL messaging service about wide spread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks or simply random attacks. Victims include one leading privacy activist. 

Google is using automated warnings to alert users of its GMAIL messaging service about wide spread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks or simply random attacks. Victims include one leading privacy activist. 

Warnings appeared when users logged onto Gmail, encountering a red banner reading “Your account was recently accessed from China,” and providing a list of IP addresses used to access the account. Users were then encouraged to change their password immediately. Based on Twitter posts, there doesn’t seem to be any pattern to the accounts that were accessed, though one target is a prominent privacy rights activist in the UK who has spoken out against the Chinese government’s censorship of its citizens. 

A Google spokesman declined to comment on the latest warnings specifically. The company has been issuing similar warnings since March when it introduced features to identify suspicious account activity.  

Alexander Hanff of Privacy International in the UK said he saw the warning when he accessed a GMAIL account Thursday morning. Hanff set up the personal account, which he created in 2005 when he operated the Torrent Web site DVDR-Core, an early target of the Motion Picture Association of America in its battle to stop copyright piracy. Hanff said he immediately changed the password, at Google’s suggestion, and said the attempts to access his account from China were recent – occurring within the past couple months. 

He only rarely accesses the account and does not use it for e-mail related to his work for Privacy International. Still, he said the account is easily discoverable online for those looking to contact him via e-mail, which might have made it a target. 

However, a survey of other GMAIL users who were warned suggests that the China-based attacks were widespread and lacked a clear pattern. Andrew Turnbull, editor of The Extraordinary Marketing Blog and a recent business school graduate from Alberta, Canada was one. Others included media consultants, doctors and gamers from the U.S., Canada, Columbia and countries in Europe – most without any clear personal or professional connection to China. 

Hanff, of Privacy International, said he believed the three attacks on his account were random, not targeted at him as a privacy rights advocate. Those who accessed his account wouldn’t have had access to any sensitive information related to his work for Privacy International, but would have found “a hell of a lot of spam,” Hanff said.

However, he acknowledges that he may have come to the attention of the Chinese Government after a speech he gave at a EU-China Human Rights Network seminar that was attended by high level Chinese government officials. Hanff said he spoke about issues such as freedom of speech, differences between Europe and China and China’s record of suppressing free speech. 

Its not clear how the accounts were compromised. It is known that Google and its GMAIL messaging system, along with the networks of other high profile U.S. and European firms, were the targets of attackers believed to be affiliated with the Chinese Military. Those attacks, code named “Aurora” temporarily caused a rift in relations between the search giant and the Chinese government, with Google suspending all filtering of its search results in China. Recently, experts have warned that a new round of attacks similar to the original Aurora attacks had been detected, though its unclear if the e-mail hacking is related to that wave of activity. 

Hanff, along with other users, said he appreciated the warning. 

“For once google did something ethical. I was suprirsed to see that,” he told Threatpost.com. However, Hanff said offering a feature to limit account access by IP address would do more to remove the threat of attacks such as the one his account suffered.  

change my password as recommended. Whether find my way back into that I don’t. Tweeted about it: 
shortly after. If goog wanted to protect me: give option of ip range authorized to access account. may 
be something that they’ll think about 

Suggested articles

Discussion

  • JohnnyB on

    I just wish that Google would open up it's Google Apps Premier feature that allows login via SAML or OpenID authentication.  Currently I use Clavid for OpenID authentication for a number of sites including Facebook.  Clavid allows you to set up two-factor authentication, using digital certificates, One Time Passwords and YubiKey for Free or you can pay for other two-factor mechanisms including SMS, email, SassieID etc.

  • Anonymous on

    The Chinese Government was coordinating the Aurora Attacks, and the recent ones. Hacker's aren't that organized, for such a full scale attack.

  • Derek Clarke on

    Gmail can't limit access by IP address by default as otherwise the usefulness of being able to access your mail from anywhere would cease. However a user-configurable option would be handy.

  • Anonymous on

    Google should be able to add per-user options for filtering/allowing access from certain IP address ranges/locales (e.g. Americas, UK etc.)

  • Anonymous on

    Fer cryin' out loud! You care about who accesses 'your' gmail email account?? It is NOT your account, it belongs to GOOGLE. Pay for your own, or run your own server, and then consider the security of your account. Otherwise there is none, unless Google wishes to safeguard your info- and we all know how that works. Why try to secure a connection to the MITM?
  • Anonymous on

    Some of the hacker(s)  threats do come from the server of the CNC Group, Beijing, and they do not only hit gmail but hotmail, too.

  • Pierpaolo on

    My email was hacked by a chinese company, someone sent offers around through my email. I contacted Google and I was told to change the password and that they are not a law enforcement agency so they can't do anything. I found the whole thing very frustrating as despite all the warning they don't don't do anything!

  • Anonymous on

    Fer cryin' out loud! You care about who accesses 'your' gmail email account?? It is NOT your account, it belongs to GOOGLE. Pay for your own, or run your own server, and then consider the security of your account. Otherwise there is none, unless Google wishes to safeguard your info- and we all know how that works. Why try to secure a connection to the MITM?
    Not everyone can afford there own server m8
  • Anonymous on

    "a survey of other GMAIL users who were warned suggests that the China-based attacks were widespread and lacked a clear pattern."

    How did the person writing this post identify those people? Twitter?

    Also, this seems to suggest if the warning was sent out, it means the account really was compromised. Personally, I have received the warning several times. I live in China and sometimes access through a VPN, so it might appear that my account was accessed from the US, and 30 minutes later from China. Many other people I know do the same.  I wonder if we are counted as people who's accounts have been attacked.

  • Flood on

    Limit the access for too large group of IP address is not a good solution at all, it's even worst!

    If you say, block China... then what? a little proxy anywhere else and it's bypassed! If you say, only USA... then it's the same, proxy in USA are easy to get!

    And the consequences of using that kind of IP limitation are much bigger:
     - feel same, but not safe at all
     - don't know the source of the attacks
     - investigation on the attack get more complex as there is a new hop in the process and that hop may not log anything that will help you get the information
     - the day you will be out of that area, you cannot access anything

    Also, having your own email server is not as safe as you could think! How many times you look at the logs to see if someone accessed your e-mail?! Setup and maintain a server cost a lot of time. If you use a service like dreamhost, cheap and easy to use, then it's almost the same, the e-mail are on a shared server.

    The biggest problem is that e-mail are anonymous. They are coming from a really old technology. If someone received an e-mail "from you" and it's spam... it doesn't mean that your e-mail account was compromised. It's only saying that your e-mail address was used in the "From:" parameter...

    So, a warning, telling you from where it was accessed, is a good help.

    Regards,

    P.S. Change your password!

  • Jo Dean on

    LOL, Doesnt China have anythign better to do?

    www.privacy-web.cz.tc

  • Anonymous on

    Most emails are just chatter anyway, so if China wants to read a lot of nothing they sure waste a lot of time and energy for nothing.

  • Anonymous on

    www.khourjavan.com
  • MrPrivacy on

    There are better ways than gmail to communicate online and protect your privacy.  ThreadThat.com is a new site that provides privacy, security and encryption for free.  

  • meeeeee on

    what an idiot!  going by that logic, any money you have in the bank account no longer belongs to you, it belongs to the bank, and if you want it to be secure you should pay for your own financial advisor to manage it?  Only an idiot would PAY for their own personal email account when there are so many free options available, so yes, i do expect google to safeguard my info, they make money from their users via advertisments and lots of other income streams as opposed to robbing them blind for email premiums, and if a military organisation wants to hack email accounts, they will do it on any platform, so i cant blame google, for the most part, im extremely pleased with my gmail account.

  • Joe P on

    Secure Email system ====================> Blame it on china while zionists are reading all your emails. The most secure email system is to download your email every 10 minutes to your computer and take backups on removable HDD every week or month as per your disaster recovery plan.
  • Roy on

    My email account was accessed twice on September 27, 2010 once from Mexico and once from Sweden.  Google immediately locked it and notified me to change my password which I did.  My account received a great many silly messages on that date which were sent on to other people who were not known to me (according to my "sent messages" file)

    Has anyone else had this happen? Was this an attack?

  • Anonymous on

    My email was hacked into this morning and they sent out bogus email trying to get money from the people in my contact list. I found out the email that had hacked into my computer which was westty@live.com  and the ip address was from nigeria I have the ip number, I wish I could report this to someone. Does anyone have any suggestions??????

  • matt on

    mine was accessed and my entire contact list was sent an email about "a new website i want to introduce to you."

  • Simon De Montfort on

    Gmail is being hacked alright - but it's not a brute force thing. The word is, there's a fundamental security flaw in Google's authentication system that Google doesn't dare admit exists. They must be working on fixing it - but these unauthorized accesses have been going on for over a year, which suggests they haven't a clue!

    So, don't use Gmail for anything important or anything you wouldn't want an anonymous Chinese hacker reading, people!

  • Anonymous on

    But how can passwords be hacked ????

  • Tom on

    115.148.213.92 THIS STATIC IP ADDRESS FROM CHINA/BEIJING HACKED INTO MY GMAIL ACCOUNT, FUCKING FAGGOTS!!!!!!!!!!!!!
    THEY DIDN'T HACKED INTO MY COMPUTER NOR DO I HAVE ANY VIRUSES, THEY HACKED STRAIGHT INTO MY GMAIL FROM GOOGLE.
    I WANNA PAY THEM A VISIT AND BEAT THE SHIT OUTTA THEM!!!!!!!!!!!!!
    AND IF YOU WANNA KNOW HOW THEY HACKED INTO YOUR GMAIL, BLAME THE US GOVERNMENT, READ HERE:
    http://articles.cnn.com/2010-01-23/opinion/schneier.google.hacking_1_chinese-hackers-access-system-google?_s=PM:OPINION

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.