Google Points To China As Source Of 'Targeted' Gmail Phishing Attack

Chinese officials are on the defensive after Google fingered China as the source of a sophisticated phishing attack targeting many high profile Gmail account holders, including U.S. government officials. But security experts says the attack, if true, continues a growing trend of sophisticated attacks used by nation states for cyber espionage purposes.

In a blog post Wednesday, Google said that it discovered a targeted phishing campaign appearing to be sourced from Jinan, China , affecting hundreds of Gmail users, including senior U.S. government officials, Chinese political activists, officials in South Korea and other Asian countries, as well as military personnel and journalists.

Google said that the phishing campaign, executed by stealing users' passwords, was launched in an effort to infiltrate users' Gmail accounts and monitor their activity.

"The goal of this effort seems to have been to monitor the contents of these users' e-mails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings," Google said in a blog post Wednesday.

During that attack, victims were compelled to open an e-mail appearing to come from someone they knew. The e-mail message used social engineering techniques with highly personalized content to entice them to click on links that took them to malicious sites impersonating the Gmail login screen.

"The telltale sign to note here was the fact that it took them back to a Gmail login screen after they were already in their account. That's never a good sign," said Fred Touchette, senior security analyst for AppRiver. "The fake log-in screen in these attacks also had multiple flaws that should have clued the victims to the fact that something was amiss as well."

Google said that it had already "detected and disrupted" the campaign aimed at hacking into military Gmail accounts, adding that the victims and appropriate government authorities have been notified.

China has since emphatically denied Google's allegations that the spear phishing attack originated in the world's most populous country, calling the search giant's claims "unacceptable."

"Blaming these misdeeds on China is unacceptable," said Hong Lei, Chinese foreign ministry spokesman in a news conference, according to The Telegraph.

Meanwhile an editorial, published by, Xinhua, the official Chinese news agency , said that Google's "groundless" accusations were damaging diplomatic relations and trust between the two countries, stating that "it was too imprudent for the online giant to lash out at others without solid proof to support its accusations.

"The chimerical complaints by Google have become obstacles for enhancing global trust between stakeholders in cyberspace," Xinhua said, adding "It is a real pity that Google's baseless complaints have distressed mutual trust and the efforts to establish new global governance in cyberspace, letting real online criminals obtain illegal profits without being punished."

Xinhua said that this was the second time that "Google arbitrarily pointed its finger at China," citing last year's allegations that the Chinese government perpetrated a hacker attack against the search giant, and elicited the help of the U.S. National Security Agency, which Xinxua said was "a serious threat to Internet neutrality.

"It is not appropriate for Google, a profit-first business, to act as an Internet judge," Xinhua said.

Next: Gmail Attack Continues Trend Of Targeted Phishing Schemes

However, security experts say that this particular attack is likely continuing a trend of phishing campaigns that are being used as weapons in more comprehensive cyber espionage efforts.

"The espionage angle has been brought to light progressively more lately, which is unsettling to most that it is happening, but unfortunately this isn't all that new either. We're just now starting to find out about them," said Fred Touchette, senior security analyst at AppRiver. "We have seen more and more directed spear phishing attacks against individuals and/or specific companies over the past few years. This is troubling news because they are usually harder to notice due to their customization but in no way will this affect eh cast net style approach of phishing."

Meanwhile, security solution providers say that the Gmail phishing attack doesn't necessarily imply that Google fell short in its security implementations.

"This isn't new. This isn't Google being hacked. This is people hacking themselves. It's just a phishing attack,' said Leo Bletnitsky, CEO of Las Vegas-based Las Vegas Med IT and Desktop Valet. "Nobody should be doing anything confidential over Gmail anyway. You assume that Google is indexing everything anyway."

Bletnitsky said that to prevent becoming the victim of a phishing attack, he regularly tells his customers to check the URLs and avoid clicking unfamiliar links, as well as questioning apps or Web sites that request users to re-enter a password when they're already logged in to a site.

"If something is behaving differently than it did before, you have to question it," he said.

The recent Gmail attack marks another point of contention in a tumultuous history between China and the search giant. Google's relations with China took a nosedive with a massive targeted attack on the search giant in January 2010, known as Operation Aurora , targeting Google source code and intellectual property.

Meanwhile, Touchette said that it was unclear if Google's previous history with China contributed to the swiftness of its public accusations.

"While it is slightly unusual that Google has made public this particular attack, it's hard to tell whether their past issues with China have had a role in the reason they did so," Touchette said. "I don’t think they're personally overhyping the situation, but rather letting everyone else take care of that for them."