Massive Gmail phishing attack hits top U.S. officials

@CNNMoneyTech June 2, 2011: 2:22 PM ET
gmail-phishing.top.jpg

NEW YORK (CNNMoney) -- Hundreds of personal Gmail accounts, including those of some senior U.S. government officials, were hacked as a result of a massive phishing scheme originating from China, Google said Wednesday.

The account hijackings were a result of stolen passwords, likely by malware installed on victims' computers or through victims' responses to e-mails from malicious hackers posing as trusted sources. That type of hack is known as phishing. Gmail's security systems themselves were not compromised, Google said.

The company believes the phishing attack emanated from Jinan, China. In addition to the U.S. government personnel, other targets included South Korean government officials and federal workers of several other Asian countries, Chinese political activists, military personnel and journalists.

"The Department of Homeland Security is aware of Google's message to its customers," said Chris Ortman, a spokesman for the agency. "We are working with Google and our federal partners to review the matter, offer analysis of any malicious activity, and develop solutions to mitigate further risk."

Secretary of State Hillary Clinton addressed the issue Thursday morning.

"Google informed the State Department of this situation yesterday in advance of its public announcement," she said. "These allegations are very serious, we take them seriously, we're looking into them, and because this will be an ongoing investigation I would refer you to first Google for any details that they are able to share at this time, and to the FBI, which will be conducting the investigation."

Federal Bureau of Investigation spokesman Paul Bresson said the agency is working with Google and with U.S. government agencies "to review this matter further to identify the origin of this campaign and to see what information may have been compromised." He declined to comment further on the investigation.

The news comes a little more than a year after a separate hack originating from China affected Gmail accounts of Chinese human rights activists. In that case, attackers were able to break through Google's security systems, and two Gmail accounts were hacked.

That cyber attack set off a series of events that eventually led to Google ending its agreement with the Chinese government to censor certain search results, and the company physically moved its servers out of the country.

On Thursday, after the most recent cyber attack, a Chinese official insisted that his government takes the attacks seriously.

"We firmly oppose computer hacking or any illegal activity that harms net security and will severely punish anyone engaging in such activity according to law," said foreign ministry spokesman Hong Lei. "Computer hacking is an international problem and China is also a victim. Any accusation linking China to such activity is baseless and with ulterior motives."

This time around, the hack appears larger in scope -- but Google itself was not attacked. A person with knowledge of the attack's details said there was no apparent correlation between last year's attack and this one.

A spokesman from Google declined to comment on how the company obtained the information about the most recent hack. Public information, user reports and a third-party hacking blog called Contagio was used to determine the scope, targets and source of the attack.

Google (GOOG, Fortune 500) said it notified the victims and disrupted the campaign.

The hackers were attempting to monitor the victims' e-mails, and some users' forwarding settings were altered.

The company urged users to "please spend ten minutes today taking steps to improve your online security so that you can experience all that the Internet offers -- while also protecting your data."

Google provided several examples of how Gmail users can better protect themselves from phishing attacks on its blog, including enabling a setting that allows users to login to their accounts only after receiving a verification code on their phones. The company also suggested that users monitor their settings for suspicious forwarding settings.

-CNN's Carol Cratty contributed to this report To top of page

CNNMoney Sponsors
Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.