The recent announcement by Google that a number of users' Gmail accounts had been broken into has ratcheted up the debate on cyber war between China and the US. The importance of this report lies in the fact that these Gmail accounts were held and used by senior US and South Korean government officials as well as Chinese political activists.
Google says that it discovered the campaign and alerted hundreds of users who had been duped by a carefully targeted "phishing" scam. The method used, called spear phishing, is not new, but it can be particularly successful when the targets are chosen carefully.
A spear phishing attack occurs when a victim receives an email that appears to come from a familiar address: a close associate or a collaborating organisation/agency. However, the sender address has been spoofed [falsely generated] and the email really comes from the hackers. Usually the email carries, or links to, some form of attachment that supposedly needs a viewer; when the user clicks on it, they are directed to a fake Gmail login page that harvests their login details.
Once the hackers have the user's password, they log into the Gmail account and create rules that forward all incoming mail to another account without the user's knowledge. Often the ID of that other Gmail account is made to closely resemble the victim's ID so as to reduce suspicion. From that point on, the spurious Gmail account is accessed remotely at regular intervals, all incoming emails are downloaded to a central location, and the emails are then deleted from the Gmail account.
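As an added illustration (it is not part of the original article, and it is not Google's or Regents' own tooling), the short Python script below shows the two checks a mail administrator would want for the attack chain just described: first, whether an email's visible From address is backed by its envelope sender and authentication results, and whether it links to a look-alike Google login page; second, whether any mail filters on an account forward everything to an outside address that resembles the owner's and hide the forwarded mail. The sample message and the sample filter list are constructed for this example, the filter records are assumed to follow the shape of Gmail's filter resource (a `criteria` object and an `action` object with a `forward` string), and the look-alike threshold is an assumption.

```python
"""Two defender-side checks for the spear phishing chain described above.

All input data here is constructed for illustration (not real messages or
accounts). The filter records are assumed to follow the shape of Gmail's filter
resource: {"id", "criteria": {...}, "action": {"forward", "removeLabelIds", ...}}.
"""
import email
import re
from difflib import SequenceMatcher
from email import policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hosts that are legitimately allowed to show a Google login page (assumption
# for this example; a real deployment would maintain its own allow-list).
LEGIT_GOOGLE_LOGIN_HOSTS = {"accounts.google.com"}

# Constructed sample: the From header claims a colleague at agency.example, but the
# envelope sender (Return-Path) and the SPF result point at an unrelated relay, and
# the "attachment" link leads to a look-alike login host.
SAMPLE_RAW = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.google.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: "Jane Colleague" <jane.colleague@agency.example>
To: victim@gmail.com
Subject: Draft minutes - please review
Content-Type: text/html

<p>See attached: <a href="http://accounts-google.example-login.net/ServiceLogin">minutes.pdf</a></p>
"""

# Constructed sample filters: f1 is a harmless labelling rule; f2 forwards all mail
# to a look-alike address and removes it from the inbox so the owner never sees it.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@vendor.example"},
     "action": {"addLabelIds": ["Label_7"]}},
    {"id": "f2", "criteria": {"query": "*"},
     "action": {"forward": "j.smlth.gov@gmail.com", "removeLabelIds": ["INBOX"]}},
]


def domain_of(addr):
    """Lower-cased domain of an address such as '"J" <j@x.example>' ('' if none)."""
    return parseaddr(str(addr))[1].rsplit("@", 1)[-1].lower()


def spoof_indicators(raw_message):
    """Return a list of reasons to distrust the visible From address of a message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_dom = domain_of(msg["From"] or "")
    rp_dom = domain_of(msg["Return-Path"] or "")
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    auth = str(msg["Authentication-Results"] or "").lower()
    if re.search(r"spf=(fail|softfail)", auth):
        findings.append("SPF failed for the envelope sender")
    if "dkim=pass" not in auth:
        findings.append("no passing DKIM signature on the message")
    # The "viewer" link: any host that trades on the Google name but is not Google's.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href in re.findall(r'href="([^"]+)"', html):
        host = (urlsplit(href).hostname or "").lower()
        if "google" in host and host not in LEGIT_GOOGLE_LOGIN_HOSTS \
                and not host.endswith(".google.com"):
            findings.append(f"link to look-alike Google login host {host}")
    return findings


def audit_forwarding(filters, owner_address, similarity=0.8):
    """Return [(filter_id, [reasons])] for filters that forward mail off the account.

    A forward to an address whose local part closely resembles the owner's, a
    catch-all match, or hiding forwarded mail from INBOX each add a reason.
    """
    owner_local = owner_address.lower().split("@")[0]
    owner_dom = domain_of(owner_address)
    flagged = []
    for f in filters:
        action = f.get("action", {})
        dest = action.get("forward")
        if not dest:
            continue
        dest = dest.lower()
        reasons = [f"forwards mail to {dest}"]
        dest_local = dest.split("@")[0]
        ratio = SequenceMatcher(None, owner_local, dest_local).ratio()
        if dest != owner_address.lower() and ratio >= similarity:
            reasons.append(f"destination resembles the owner's address (similarity {ratio:.2f})")
        if domain_of(dest) != owner_dom:
            reasons.append("destination is outside the owner's domain")
        criteria = f.get("criteria", {})
        if not criteria or criteria.get("query") == "*":
            reasons.append("matches all incoming mail")
        if "INBOX" in action.get("removeLabelIds", []):
            reasons.append("removes forwarded mail from INBOX")
        flagged.append((f["id"], reasons))
    return flagged
```

Run against the constructed samples, `spoof_indicators(SAMPLE_RAW)` reports the Return-Path mismatch, the SPF failure, the missing DKIM pass and the look-alike login link, and `audit_forwarding(SAMPLE_FILTERS, "j.smith.gov@gmail.com")` flags only filter f2. Note that an attacker who controls the account can just as easily use Gmail's account-level forwarding setting or a POP/IMAP client rather than a filter, so the filter audit is one check among several, not a complete answer.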
By this method, the hacker(s) can begin to piece together a patchwork of communications between various users and organisations. It has been indicated that these hacking attempts originated from Jinan, the capital of Shandong province. While there is no direct evidence that the hackers are located in Jinan or are in the pay of the Chinese government, the persistence of the attacks and their highly targeted nature argue strongly against direct financial gain as a motive. Technology watchers haven't ruled out the possibility of the attack being state-sponsored.
However, it should be noted that the main reason these Gmail accounts were selected in the first place is that they were thought to contain useful information related to the users' work. Though we don't know the identity of the users, it has been suggested that they include people within the White House and Senate as well as South Korean government officials.
It is a fact that many White House officials choose to use external email accounts rather than the government-approved ones for certain emails. The users are aware that government emails are archived and may be the subject of later legal actions or investigations, or be placed in public archives. For this reason, they have chosen to use Gmail addresses for certain subjects or contacts. This happened during the Bush presidency too, so that many subjects are absent from the official correspondence.
What does this mean for your business or organisation? We are all targets of hacking attempts, though mostly by scammers seeking commercial gain: bank account numbers, credit cards, passwords and so on.
You need to brief email users on the perils of 'spear phishing' attacks and the spoofing of sender addresses. One careless click on a smart phone could expose company details to the outside world.
And what are your corporate policies on people using Gmail, Yahoo and similar accounts for business or organisation communications? Is this acceptable? What happens when a smart phone is lost or the user leaves the business? Those emails may be lost, with no auditable trace of what was agreed with clients, customers and others.
It's not just the White House that needs to review its policy and security: these hackers may be targeting you.
Do you need to know more about our services and how Regents can assist you with computer forensics and data recovery? Simply go to our Contact Us page for our phone numbers or else send an email to contactus@regentsriskadvisory.com with your contact details and we will respond at once.