Impact of Google’s Claims of Chinese Hacking Gmail

Rook Security
SECOPS
Jun 2, 2011


Today at 12:42 PM, Google announced via their blog that they have detected and disrupted a phishing campaign that appears to originate from Jinan, China, targeting senior political officials, heads of state, politicians, and military leadership. The attackers sent highly personalized messages, including a document for the recipient to download, that tricked Gmail users into handing over their credentials. With the stolen passwords, the attackers then changed the victims' Gmail forwarding and delegation settings so that copies of incoming mail were silently sent to accounts the attackers controlled. The security-relevant point is that a forwarding rule keeps working after the victim changes the password unless the victim finds and removes it, so the compromise persists beyond the original phish.

This is of heightened importance to national security because on 26 May China confirmed the existence of its cyber-warfare team, the 'Blue Army', which according to the AP is based in Jinan, in Shandong province, the same city Google names as the origin of the attacks. Rook has yet to independently confirm the location of the Blue Army training school, but continues to monitor IRC channel activity, online postings, and intelligence from our contacts.

The Pentagon recently announced that cyber attacks on government entities could be considered an act of war.

Top items of note when briefing executive management:

  1. This challenge is not going away any time soon, and tension over high-profile cyber attacks is escalating. No purely technical control solves it, because the attack pairs social engineering with technical means; people as well as systems have to be prepared.
  2. Annual IT risk management assessments should already have flagged the risk of social engineering through emerging attack vectors such as personal email accounts, which carry weaker security than corporate accounts yet often hold corporate information.
  3. These attacks succeed because they are hybrid: a targeted social-engineering lure catches people off guard with their defenses down, and the technical follow-through (here, a change to the account's forwarding settings) weakens or bypasses the controls on the individual's mailbox in a way that produces no obvious symptom. This can easily go undetected.
  4. Heightened media attention to compromises, hacks, and breaches raises the impact of each attack and attracts copycats who seek notoriety.

Next steps (for enterprises):

  1. Determine whether it is time for a comprehensive enterprise risk assessment.
  2. Determine what, if anything, needs to be done to protect high-value data, employees, and user accounts that may be targeted directly or indirectly.
  3. Determine whether daisy-chained attacks through social media, personal email, home wireless, and similar channels could be detrimental to the security of your enterprise.
  4. Evaluate the enterprise's capability to detect corporate data being sent to personal email accounts, downloaded to removable media, or copied to mobile devices.

Next steps (for individuals):

  1. Enable 2-step verification. In addition to your password, sign-in then requires a one-time code delivered to or generated on your phone, so a stolen password alone is not enough to get in.
  2. Use a strong password for your Google account that you do not use on any other site.
  3. Enter your password only into a genuine sign-in prompt on the https://www.google.com domain, after checking the address bar. Google will never ask you to email your password or enter it into a form that appears within an email message.
  4. Check your Gmail settings for forwarding addresses you did not add. Also review your filters, since a filter can forward selected messages and then archive or delete them so you never see them, and check account delegation for people you did not authorize. Remove anything unexpected and then change your password; a forwarding rule keeps working after a password change unless it is deleted.
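The following script is an added example, not code from the original post or from Google. It automates step 4 and extends it to the two other settings an attacker with a stolen password can abuse for the same effect, filters and delegation: it flags any route by which mail leaves the account or becomes readable by someone else, and rates a filter that forwards and then hides the message as high severity regardless of destination. The input dictionaries mirror the shape of Gmail API v1 users.settings responses, which is an assumption, as is the fetch_live_settings helper that needs google-api-python-client and an authorized service; the sample data at the bottom is constructed so the audit runs offline.

```python
"""Audit Gmail mail-routing settings for the persistence used in this attack.

Added example; not Rook's or Google's code. The input dicts mirror the shape
of Gmail API v1 users.settings responses (an assumption), and the sample data
below is constructed so the audit runs offline.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    setting: str   # which Gmail setting raised it
    detail: str


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address ('' if there is no '@')."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def audit_mail_routing(auto_forwarding, forwarding_addresses, filters,
                       delegates, trusted_domains):
    """Return a Finding for every route by which mail can leave the account
    or be read by someone else. Routes pointing outside trusted_domains are
    'high'; in-domain routes are still reported as 'medium'."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []

    # 1. Account-wide auto-forwarding copies every incoming message elsewhere.
    if auto_forwarding.get("enabled"):
        dest = auto_forwarding.get("emailAddress", "")
        sev = "high" if _domain(dest) not in trusted else "medium"
        findings.append(Finding(sev, "autoForwarding",
            f"all mail forwarded to {dest} "
            f"(disposition={auto_forwarding.get('disposition')})"))

    # 2. Registered forwarding addresses. Even a pending entry shows that
    #    someone holding the password tried to add one.
    for fa in forwarding_addresses.get("forwardingAddresses", []):
        dest = fa.get("forwardingEmail", "")
        if _domain(dest) not in trusted:
            findings.append(Finding("medium", "forwardingAddresses",
                f"{dest} registered "
                f"(verificationStatus={fa.get('verificationStatus')})"))

    # 3. Filters forward selectively and can hide what they forwarded by
    #    archiving, trashing or marking the message read.
    for flt in filters.get("filter", []):
        action = flt.get("action", {})
        dest = action.get("forward")
        if not dest:
            continue
        added = set(action.get("addLabelIds", []))
        removed = set(action.get("removeLabelIds", []))
        hides = "TRASH" in added or bool(removed & {"INBOX", "UNREAD"})
        sev = "high" if hides or _domain(dest) not in trusted else "medium"
        findings.append(Finding(sev, "filters",
            f"filter {flt.get('id')} forwards {flt.get('criteria')} to {dest}"
            + (" and hides the message" if hides else "")))

    # 4. Delegates read and send mail without ever needing the password.
    for dl in delegates.get("delegates", []):
        addr = dl.get("delegateEmail", "")
        sev = "high" if _domain(addr) not in trusted else "medium"
        findings.append(Finding(sev, "delegates",
            f"{addr} has delegated access "
            f"(verificationStatus={dl.get('verificationStatus')})"))
    return findings


def fetch_live_settings(service):
    """Pull the four settings for the signed-in user with
    google-api-python-client (assumption: `service` was built for gmail v1
    with the settings read scopes). Not exercised by the offline demo."""
    s = service.users().settings()
    return (s.getAutoForwarding(userId="me").execute(),
            s.forwardingAddresses().list(userId="me").execute(),
            s.filters().list(userId="me").execute(),
            s.delegates().list(userId="me").execute())


# Constructed sample: the pattern described in the post, plus a benign filter.
SAMPLE_AUTO_FWD = {"enabled": True, "emailAddress": "mail.archive@example.net",
                   "disposition": "leaveInInbox"}
SAMPLE_FWD_ADDRS = {"forwardingAddresses": [
    {"forwardingEmail": "mail.archive@example.net",
     "verificationStatus": "accepted"}]}
SAMPLE_FILTERS = {"filter": [
    {"id": "f1", "criteria": {"from": "chief.of.staff@example.gov"},
     "action": {"forward": "mail.archive@example.net",
                "removeLabelIds": ["INBOX", "UNREAD"]}},
    {"id": "f2", "criteria": {"subject": "newsletter"},
     "action": {"addLabelIds": ["Label_1"]}}]}
SAMPLE_DELEGATES = {"delegates": []}
TRUSTED_DOMAINS = ["example.gov"]


def demo():
    """Run the audit on the constructed sample and return the findings."""
    return audit_mail_routing(SAMPLE_AUTO_FWD, SAMPLE_FWD_ADDRS,
                              SAMPLE_FILTERS, SAMPLE_DELEGATES, TRUSTED_DOMAINS)


if __name__ == "__main__":
    for f in demo():
        print(f"[{f.severity}] {f.setting}: {f.detail}")
```

On the constructed sample the audit reports three findings: the account-wide forward to an outside domain (high), the registered forwarding address (medium), and the filter that forwards a named sender's mail and removes it from the inbox unread (high); the benign label-only filter is ignored. Because a filter's hide behaviour is rated high even when the destination is in a trusted domain, an insider forwarding to a colleague's mailbox and covering their tracks is caught as well.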
