Google disclosed the attack this week and said it targeted not only U.S. government officials, but also human right activists, journalists and South Korea's government. Google tracked the attack to Jinin, China, which is the home to a Chinese military school.
But that does not necessarily mean the attackers were Chinese or related to the government. The Chinese government denied any involvement.
The attack used emails that appeared to be tailored to their targets to better fool their victims, a technique known as spear phishing. Recipients were asked to click on a link to a phony Gmail login page that gave the hackers access to their personal accounts.
The attacks come as the U.S. government considers expanding its use of Web-based software for email, along with word processing, spreadsheets and other kinds of documents. Google is one of the many companies vying for the business with its Apps product, as is Microsoft . Web based email would be vulnerable to hackers who steal login information through phishing attacks. But Web-based systems are not necessarily any easier to hack than traditional email, which a government agency would usually manage using its own servers, said Larry Ponemon, chairman of the Ponemon Institute, a computer security company in Traverse City, Mich.
Jay Carney, the White House press secretary, said Thursday that all White House-related electronic mail was supposed to be conducted on work email accounts to comply with the Presidential Records Act, which governs how those communications are protected and archived. Carney said there was no evidence that any White House accounts were compromised.
White House employees are permitted to have private email accounts, he said, but cannot use them for work purposes. Officials at the White House and other agencies often keep two computers in their offices, one for unclassified work and another for classified. Very senior officials sometimes have a "secure facility" in their homes, in which computers and telephones are on dedicated lines and communications are encrypted.
Given its size, Google and its Gmail system will always make an attractive target.
Other personal email services, including Yahoo and Microsoft's Hotmail, have faced similar attacks, according to Trend Micro , a computer security company in Cupertino, Calif. "The types of attacks that are happening against Web mail users aren't confined to Gmail alone and extend to other email platforms," said Nart Villeneuve, a senior threat researcher for Trend Micro.
LINK TO OUR HOME PAGE :