Security Blog

The latest news and insights from Google on security and safety on the Internet

Security warnings for suspected state-sponsored attacks

June 5, 2012
Google

32 comments:

Kevin said…

I still wonder how. Some custom plugin or HTTP header?

June 5, 2012 at 15:42
Unknown said…

Except when it comes to USGov intrusion, which is where Google makes half its money.

June 5, 2012 at 15:53
Richard Teahon said…

I know you guys have been getting some bad press lately, and as an SEO I can understand why, but I can only compliment you in this move to alert people who are probably going to be hit by trying to be good, no scrub that, outstanding citizens by trying to bring the truth to the masses.
It is hard enough for us to get the message across in the west, in places where state sanctioned violence is commonplace, say Syria for example, then this initiative by Google is invaluable.
It does in my book keep you above Microsoft.

June 5, 2012 at 16:37
Ken Montenegro said…

Does this include activity from government actors such as municipal and state police forces? How about federal agencies (or .gov IP blocks)? Thanks!

June 5, 2012 at 16:37
Mike said…

Wow.

June 5, 2012 at 17:05
Ian Danforth said…

I applaud this warning and would only hope that in cases where evidence is strong enough the state in question is identified to the user.

June 5, 2012 at 17:08
Unknown said…

This is helpful information, we will help spread the word.

June 5, 2012 at 17:25
robinm said…

Why would an end user care? Surely this is state-sponsored propaganda?

June 5, 2012 at 17:29
Adriel said…

I'd imagine that the people who are targeted by these attacks will know exactly which state would be interested in hacking into their account. Good on ya Google.

June 5, 2012 at 18:25
Unknown said…

Any chance of a link to the page?

June 5, 2012 at 19:43
Arron Ferguson said…

If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account.

I had this happen a few months ago. I got a rather worthless message after the fact (I did have a secondary email registered for such reasons) stating that my account had been compromised and I was alerted that there were current sessions open (in the Eastern block of Europe - I'm in Canada).

What boggles my mind is that Google's "crack security team" here had really nothing to offer other than "close the sessions" and change the password.

What Google and you are telling the entire world is that Google's security team is lazy; rather than just detect and log the incident, how about block/ignore/redirect brute force requests/logins?

Seriously, you guys want us to trust you with something like Google+ and this is what you have to offer for security? Fail!

June 5, 2012 at 20:04
ASMR said…

Wow... Are there enough people wearing white collars and eating Swanson TV dinners to strike the fear of nuclear war into everybody?

June 5, 2012 at 21:51
Anonymous said…

Since the New York Times recently reported that Stuxnet is a US state-sponsored cyber virus - which, if you recall, was accidentally released into the wild and affected and attacked innocent end-user machines as collateral damage - and with the ongoing US-Israeli state-sponsored cyber warfare weapons of mass destruction (Operation Olympic Games), including the more recent Duqu and Flame viruses... can Google clarify whether, through its detailed analysis as well as victim reports, Google will apply the same standards and warn end-users of these domestic state-sponsored attacks as well? Or are exceptions of convenience made in these cases due to the close and special ties that Google has with the US intelligence agencies and the confirmed but secret and classified collaboration that Google has with the CIA and NSA in regards to GMail and Google Accounts?

June 5, 2012 at 22:52
林忌 said…

It's from the PRC

People's Republic of China

June 5, 2012 at 23:29
Julieta Lionetti said…

Google, I'm impressed by you going out on a limb so far. I applaud this warning and will help spread the word.

Well, you are not being evil, after all.

June 5, 2012 at 23:43
Bibin said…

Non US sponsored attacks - right ??

June 6, 2012 at 00:18
Tenpa Gurmey Khangsar said…

I THINK THEY ARE TALKING ABOUT CHINESE GOVERNMENT

June 6, 2012 at 01:05
randall said…

On a lighter note, hikingfan lives a more interesting life than I figured if he's attracted the attention of state actors.

June 6, 2012 at 01:19
Anonymous said…

I believe it should be at a macro level by determining how many users will be affected by same pattern etc.. (using complex methods like geography, type of users, area of attack and so on..)

regards
www.diaryfolio.com

June 6, 2012 at 02:30
ArthurX said…

I think it's good to warn users of suspicious activities, but my guess is that there also are activities like US surveillance that will not be announced, because of local court orders. Google is in no way independent.

June 6, 2012 at 05:36
Adrian said…

Will Google alert users possibly infected by other types of malware than DNSChanger and not connected with certain .gov-targeted attacks?

For example, I'm infected with some type of rootkit, which added my PC to a botnet. My AV system doesn't alert me - will Google's system alert me?

June 6, 2012 at 06:15
Unknown said…

...good step in the right direction, if and only if there would be no bias with respect to the states behind the attacks...

June 6, 2012 at 07:32
Anonymous said…

@Adrian: no, I'm pretty certain that this is simply identifying known or likely items within an email that you receive.

@eroei1021: given that Stuxnet, Duqu, Flame do not, to the best of my knowledge, rely on phishing emails as a delivery vector, this would not apply to them.

June 6, 2012 at 10:28
Fellow Traveler said…

This entire page requires a premise that states do not act for our good -- but that they instead often act maliciously.

What steps can we take to ensure that authorities and majorities are not able to trample on our rights to life, liberty, and property?

June 6, 2012 at 12:22
Unknown said…

"We can’t go into the details without giving away information that would be helpful to these bad actors ..." and we would never dream of sharing any technical insights that might help the competition provide you the same level of security as we do, that would affect our bottom line. Right?

Oh, and could you please get one of your writers to pick up a dictionary and use a slightly more specific qualifier than 'bad' for the actors? What is 'bad' anyway? Sure, Google is a young high-tech company, but dismissing 2000 years of research into human morality by using such childish language, 'the good guys vs. the bad guys', is way below the level of maturity we've come to expect out of Google.

June 6, 2012 at 13:10
makaseh said…

With Makaseh (makaseh.wordpress.com) this will not be possible. Data can only be exchanged with the makaseh ids created. Data intercepted, copied or shared without authorization by the originator cannot be viewed, and any attempt to break it will send a cautionary note to the originator with the IP address, email details etc. Repeated attempts may even lead to the deactivation of the culprit userid.

June 10, 2012 at 00:37
makaseh said…

If self promotion is shameless, how about companies that intrude privacy, steal information from data stored and use it for profit.

June 11, 2012 at 02:59
DonFphrnqTaub ʻ Persina ʻ Persina ʻ Persina ʻ Persina hopiakuta kutahopia altacalifernia altacalifernian altacalifernean altacaliferni altacalifernea altacaliferne altacalifern altacalifer altacalife said…

« state-sponsored »‽ Florida, Iran, North Korea‽

This captcha is not disability accessible.

June 12, 2012 at 20:25
AvelWorldCreator said…

Given that you provide a similar service for detecting improper email access, I'd be concerned. I've seen a quite definite fail of that service with my mother's GMail account. Apparently someone was remote accessing her account using an email program (not a browser) to comb her contacts and send spam. We are in the Central U.S.A. Her account IP log showed the two hits from someone in Mexico, yet the service did not detect, or flag, this irregular IP address.

June 13, 2012 at 21:47
Ellie K said…

@AvelWorldCreator: That is a good point. I am familiar with that light blue framed page from Google Gmail. It provides a record of IP addresses and approximate locations, at a country level (and for the U.S., at state but not city level) from where one's account was recently accessed. About a year ago, I received an email from Google Gmail, advising me that there may have been some unusual recent activity on my account. It was mildly worded, nothing about powers of a foreign nation or such. Indeed, there was multiple access from 2 different IP's in Iran via IMAP or POP, and 3 from Arizona, via browser. All were within a 24-hour interval. I have never accessed Gmail from anywhere other than Arizona, so it was a good catch by Gmail.

On the other occasion, I did not receive any warning. I had just happened to check the same unusual activity link, which often resides at the footer of my Gmail inbox screen, even when all is well. Reddit offers a similar feature, in fact. So anyway, I was curious, given the Arizona-and-Iran incident of a few weeks prior. I was surprised to find a pattern of access, in alternating sequence, at less than 60 minute intervals, between my Arizona IP address and one in Washington State. Once again, Arizona access was by browser, and the other IP via IMAP. I tracked the latter to Amazon dot com's legal department. I never found out why they (or someone using EC2 or AWS perhaps?) would be reading my email. Nor did Google flag this as unusual activity.

I took screen shots, both times, but have no idea who to send it to. Or if Google would even consider it pertinent. I can't imagine why anyone, whether Iran or Amazon dot com, would want to access my boring and inconsequential information. Botnet perhaps, for spam purposes? Well, not by Amazon!

@Eric Grosse of Google Security Engineering: What is the difference between the IP notification screen that I just alluded to (at excessive length) and this new notification? Yes, I realize that they appear in different places, and have different wording. But does the Gmail-related anomalous IP message have any relationship to, or is it indicative of, the same problems flagged by this new message, i.e. if I am afflicted by one problem, am I also compromised by the other?

June 14, 2012 at 07:46
Anonymous said…

This is great news. Thank you Google for helping us combat these perpetrators.

August 20, 2012 at 11:09
Anonymous said…

I saw this security warning the other day and I was baffled to say the least. It was right after I was looking at home security systems reviews online too. What a coincidence.

February 13, 2013 at 18:47
