Google turns up the heat on China’s state-sponsored hackers

In an interesting development, Google this week announced that it would be notifying its Gmail users if they are under attack from state-sponsored hackers.

The web giant will flash up a red alert warning if it suspects foul play, hoping to spur its users into taking action to protect their account.

Google VP of security engineering Eric Grosse had the following to say:

Here are some things you should do immediately: create a unique password that has a good mix of capital and lowercase letters, as well as punctuation marks and numbers; enable 2-step verification as additional security; and update your browser, operating system, plugins, and document editors. Attackers often send links to fake sign-in pages to try to steal your password, so be careful about where you sign in to Google and look for in your browser bar. These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.

Rather cryptically, Google said it couldn’t divulge exactly how it knows when state-sponsored actors are at work, so I guess users just have to put their faith in the company.

The move is a positive one for the user community – any additional measures to help educate users and protect the internet community at large are a bonus in this day of advanced cyber threats.

But just as interesting is the message Google is sending to that number one source of state-sponsored hacking: China. Just a week earlier the web giant, which famously pulled its search servers from the People’s Republic after the Operation Aurora APT-style hacking campaign hit its staff, announced new anti-censorship capabilities.

Well, to be more precise it said it would tell users – for the first time in China – when their search results were being blocked by the Great Firewall, a move which will not have gone down well in Beijing.

Now Google is at it again – under the guise of securing its users, it is making things more difficult for China’s army of state-sponsored hackers.

Not that it will deter them in any meaningful way – most will still be able to find their way into a target network if they really need to, which is what makes APTs so difficult to defend against.

Rob Forsyth, APAC director for security firm Sophos, told me that “irrespective of the validity of the threat, Google’s advice is good”.

“In these troubled times with organisations being breached, this has never been more important, in particular, do not have the same password on multiple social networking sites,” he added. “Long passwords = good.”

But how does Google actually know if an attack is state-sponsored? Well, it all comes down to the code base, according to Forsyth.

“You can tell if a single person has written/compiled it, or whether a large team has been involved,” he said.

“Further, it often has to do with the payload – what is the malware trying to do? Espionage will look different to attacks focused on avarice.”

Interesting times for Google and China – I wonder what the Party thinks of the latest developments?

