Green Energy
Newsmax:
Gmail Hackers Had Access to Accounts for Months
Thursday, 02 Jun 2011
SHANGHAI - Hackers who broke into Google's Gmail system had access to some accounts for many months and could have been planning a more serious attack, said the cyber-security expert who first publicly revealed the incident.
Google said suspected Chinese hackers tried to steal the passwords of hundreds of Gmail account holders, including those of senior U.S. government officials, Chinese activists and journalists.
"They were not sophisticated or new, but they were invasive," said Mila Parkour, who reported the cyberattack on her malware blog in February.
"Emailing phishing messages using details from read personal messages is invasive. Plus, they maintained full email access to mailboxes for a long time," the Washington-based Parkour told Reuters. She uses a pseudonym to protect her identify.
"I covered one; they (Google) took it and uncovered many more of the same kind," she said, noting the method of attack was invasive and targeted.
Parkour was initially involved in investigating one such phishing incident, referring to the practice where computer users are tricked into giving up sensitive information, and then started to gather data on other similar incidents, she said.
Google declined to comment on the details of Parkour's report, but a source with knowledge of the matter said there were similarities between the attack she analysed and the rest of the campaign. The source declined to be identified owing to the sensitivity of the issue.
The Internet company, which was also the victim of a sophisticated hacking episode last year, gave no details about the most recent attack other than to say it had uncovered a campaign to collect user passwords, the goal of which was to monitor users' emails.
The company said its Gmail infrastructure had not been compromised.
METHOD
Parkour's analysis in February showed that the hackers emailed victims from a fake email address, which purported to be that of a close associate in order to gain their trust. The email contained a link or an attachment.
When the victims clicked on the link or document, they were prompted to enter their Gmail credentials on a fake Gmail login page created to collect usernames and passwords, after which the hackers had full access to their accounts.
In the case that Parkour studied, the victim was unknowingly in contact with the hackers between May 2010 and February 2011 according to email screenshots she posted. He received emails once or twice a month that allowed them to maintain updated access to his inbox.
"The victims were carefully selected and had access to sensitive information and had certain expertise in their area," Parkour said, adding that the victim in the case she studied thought he was replying to someone he knew.
The man had emails sent to him that purported to be from branches of the U.S. government, Parkour said.
One of the emails reads: "My understanding is that the State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike."
Parkour said the Gmail attacks could be a staging ground for a more serious attack using malicious software, or malware. Many of the Gmail accounts were personal email accounts of personnel with access to sensitive information, some of whom could have forwarded their work emails to their personal Gmail accounts.
"Gathered information could help in the next attack, which could be a malware attack , after which the attackers could gain access to corporate and government networks when the victims log in from a compromised PC," she said.
Parkour said evidence of that was found in an antivirus script used by the hackers to reveal what type of software the victim had installed on his computer.
"The only reason you want to know what (version of Microsoft) Office you have and what antivirus you have is to be able to infect it in the future," said Parkour.
- “secret Accounts Also Drive Perceptions That Government Officials Are Trying To Hide Actions Or Decisions”
DUHSome of President Barack Obama’s political appointees, including the Cabinet secretary for the Health and Human Services Department, are using secret government email accounts they say are necessary to prevent their inboxes from being overwhelmed...
-
Google Wants Password123 In Museum Of Bad Headaches From Will at THE OTHER NEWS:YubiKey (Phys) Should typed passwords ever make their way into the Memory Bin, no tears will be shed in certain quarters at Google. The search giant is taking a serious look...
-
WaPo: Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert saysBy Ellen NakashimaForeign hackers broke into a water plant control system in Illinois last week and damaged a water pump in what may be the first reported...
- Blogger And Email Problems
UPDATE: My email is no longer working. I have no access to my email account. Someone, or something, has changed my password. When I go through the prompts to access my password, and I enter the answers, Yahoo tells me my answers are wrong. That is not...
- Be Careful Out There!!
Police scareware scam continues to target AustraliansMarch 2013: SCAMwatch is urging people to continue to be alert to a scareware scam where scammers posing as the Australian Federal Police (AFP) try to scare you into handing over money to regain control...
Green Energy
HEY! Maybe Weiner was hacked by. . .
Newsmax:
Gmail Hackers Had Access to Accounts for Months
Thursday, 02 Jun 2011
SHANGHAI - Hackers who broke into Google's Gmail system had access to some accounts for many months and could have been planning a more serious attack, said the cyber-security expert who first publicly revealed the incident.
Google said suspected Chinese hackers tried to steal the passwords of hundreds of Gmail account holders, including those of senior U.S. government officials, Chinese activists and journalists.
"They were not sophisticated or new, but they were invasive," said Mila Parkour, who reported the cyberattack on her malware blog in February.
"Emailing phishing messages using details from read personal messages is invasive. Plus, they maintained full email access to mailboxes for a long time," the Washington-based Parkour told Reuters. She uses a pseudonym to protect her identify.
"I covered one; they (Google) took it and uncovered many more of the same kind," she said, noting the method of attack was invasive and targeted.
Parkour was initially involved in investigating one such phishing incident, referring to the practice where computer users are tricked into giving up sensitive information, and then started to gather data on other similar incidents, she said.
Google declined to comment on the details of Parkour's report, but a source with knowledge of the matter said there were similarities between the attack she analysed and the rest of the campaign. The source declined to be identified owing to the sensitivity of the issue.
The Internet company, which was also the victim of a sophisticated hacking episode last year, gave no details about the most recent attack other than to say it had uncovered a campaign to collect user passwords, the goal of which was to monitor users' emails.
The company said its Gmail infrastructure had not been compromised.
METHOD
Parkour's analysis in February showed that the hackers emailed victims from a fake email address, which purported to be that of a close associate in order to gain their trust. The email contained a link or an attachment.
When the victims clicked on the link or document, they were prompted to enter their Gmail credentials on a fake Gmail login page created to collect usernames and passwords, after which the hackers had full access to their accounts.
In the case that Parkour studied, the victim was unknowingly in contact with the hackers between May 2010 and February 2011 according to email screenshots she posted. He received emails once or twice a month that allowed them to maintain updated access to his inbox.
"The victims were carefully selected and had access to sensitive information and had certain expertise in their area," Parkour said, adding that the victim in the case she studied thought he was replying to someone he knew.
The man had emails sent to him that purported to be from branches of the U.S. government, Parkour said.
One of the emails reads: "My understanding is that the State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike."
Parkour said the Gmail attacks could be a staging ground for a more serious attack using malicious software, or malware. Many of the Gmail accounts were personal email accounts of personnel with access to sensitive information, some of whom could have forwarded their work emails to their personal Gmail accounts.
"Gathered information could help in the next attack, which could be a malware attack , after which the attackers could gain access to corporate and government networks when the victims log in from a compromised PC," she said.
Parkour said evidence of that was found in an antivirus script used by the hackers to reveal what type of software the victim had installed on his computer.
"The only reason you want to know what (version of Microsoft) Office you have and what antivirus you have is to be able to infect it in the future," said Parkour.
- “secret Accounts Also Drive Perceptions That Government Officials Are Trying To Hide Actions Or Decisions”
DUHSome of President Barack Obama’s political appointees, including the Cabinet secretary for the Health and Human Services Department, are using secret government email accounts they say are necessary to prevent their inboxes from being overwhelmed...
-
Google Wants Password123 In Museum Of Bad Headaches From Will at THE OTHER NEWS:YubiKey (Phys) Should typed passwords ever make their way into the Memory Bin, no tears will be shed in certain quarters at Google. The search giant is taking a serious look...
-
WaPo: Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert saysBy Ellen NakashimaForeign hackers broke into a water plant control system in Illinois last week and damaged a water pump in what may be the first reported...
- Blogger And Email Problems
UPDATE: My email is no longer working. I have no access to my email account. Someone, or something, has changed my password. When I go through the prompts to access my password, and I enter the answers, Yahoo tells me my answers are wrong. That is not...
- Be Careful Out There!!
Police scareware scam continues to target AustraliansMarch 2013: SCAMwatch is urging people to continue to be alert to a scareware scam where scammers posing as the Australian Federal Police (AFP) try to scare you into handing over money to regain control...