Suspected Chinese spear-phishing attacks continue to hit Gmail users
Researcher details more bids to hijack high-value email accounts
Computerworld - Months after Google said that Chinese hackers were targeting the Gmail accounts of senior U.S. government officials, attempts to hijack Gmail inboxes continue, a researcher said Thursday.
"Once compromises happen and are covered in the news, they do not disappear and attackers don't give up or stop. They continue their business as usual," said Mila Parkour, an independent security researcher based in Washington, D.C., on her Contagio Malware Dump website.
In early June, Google announced it had disrupted a targeted phishing campaign designed to compromise Gmail accounts belonging to senior U.S. and South Korean government officials, military personnel, Chinese activists and journalists. Google said it had traced the attacks to Jinan, China, a city in eastern China that has been linked to other hacking campaigns, including one in late 2009 against Google's own network.
Parkour had revealed details of the earlier phishing attacks months before Google's June announcement.
China denied accusations that its government played a role in the attacks that accessed hundreds of accounts.
And the attacks have not stopped.
"Attackers...continue their efforts with a very slight modifications to the original themes," said Parkour.
The latest campaign baits the scam with the promise of a report titled "Blinded: The Decline of U.S. Earth Monitoring Capabilities and its Consequences for National Security" from the Center for a New American Security (CNAS), a Washington D.C. think tank.
In fact, CNAS offers that report as a free PDF download.
The emails are customized for each recipient, a common tactic in targeting attacks -- dubbed "spear phishing" by security experts -- and apparently are aimed at people associated with political and international affairs.
"Victims get a message from an address of a close associate or a collaborating organization/agency, which is spoofed," said Parkour. "The message is crafted to look like a subscription form offering to enter Gmail credentials to activate it."
Parkour also dredged up evidence of a Chinese connection to this newest campaign. She noted that the email client that sent the bogus messages was Foxmail, a free program routinely used by China-based phishing attacks, and that the server delivering the messages is based in Taiwan and has sent malicious mail before.
If a recipient falls for the trick and enters his or her Gmail username and password in the emailed form, the information is sent to the attackers via a compromised server in Houston, Texas. The criminals then use the pilfered credentials to log into the account a few hours later, and check the inbox twice each day after that.
Parkour confirmed many of the details herself by creating a Gmail account, populating it with Google alerts about human rights and military issues, as well as with malicious documents and messages from Chinese discussion groups.
"The password thieves did not delay and logged in less than two hours after the compromise," she said.
Since June, Google has deployed some new anti-phishing features, including one that displays a message when email is forwarded to another address -- as in this case -- and another that automatically shows a sender's address for mail coming from people the recipient has either not sent mail to or are not in his contact list.
"Google are aware of this, [but] there is not much they can do to prevent these from coming in," said Parkour as she urged people concerned about security to use Gmail's two-factor authentication, which sends a second password to the user's mobile phone, and to change their primary password frequently.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- The new security perimeter: Human Sensors
- Cyberattacks could paralyze U.S., former defense chief warns
- Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
- Target attack shows danger of remotely accessible HVAC systems
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts