Gmail security breach, want some proof?

Just 2 days ago CC sent me a link to a Chinese blog post about how he noticed that personal emails from his Gmail account were accessed and screened by the GFW. I was skeptical and thought it could just be a hoax or hype or just a theory. And today, the news broke. Google officially announced that they will no longer provide censored searches for Google.cn because they faced cyber attacks originating from China which targeted Gmail accounts of Chinese human rights activists! This could mean the end of the road for Google in China.

As part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.

My jaw dropped as I read the statement from Google. This is exactly what the blog I read 2 days ago tries to prove.

GFW screens personal emails

Jan 10, 2010

by wzyboy

I set up my Gmail to automatically forward all emails to my 139 email box; this way I can use my cell phone to receive my Gmail’s new email notices. It was this way for a long time, and I never had any problems. A couple of days ago I suddenly noticed that I got many identical short email notices. I thought it was very strange, so I signed into my 139 email account. I saw that these emails repeatedly appeared over 20 times; these 20 emails had the same content, and the sent time was exactly the same also; the only difference was the receiving time. Then I thought of someone who used to experiment with sending emails between Gmail and QQ, and this is my analysis.

Gmail is a responsible email service; it will do its best to ensure your email gets to the receiving mailbox. If the receiving mailbox fails to receive the message the first time, it will send you a warning, telling you that your email was delayed. After a while it will retry; when the many retries fail, it will send back an email to the sender saying that his email failed. After I set up email forwarding in my Google account, all emails except those sent to the Groups are always forwarded to 139, and my emails were reviewed and screened during this forwarding process.

If I didn’t have enough evidence before, I now have this evidence.

This is my signature for the Charter 08, which was blocked.

[Charter 08 (零八宪章Língbā Xiànzhāng) is a manifesto signed by over 303 Chinese intellectuals and human rights activists to promote political reform and democratization in the People’s Republic of China.]

After trying to send many times, Gmail finally gave up sending and determined that sending had failed. But in fact, those emails were all blocked by the screening system and were being screened. And they were eventually sent to the 139 mailbox; that’s why I had 20 identical emails in my 139 mailbox.

So does the screening system only screen emails which contain a particular email address (for example 2008xianzhang2008@inbox.com)? No, it’s not like that. I checked: as long as an email contains sensitive words, it will be reviewed. Please see:

This is a personal email I wrote to my classmate. This classmate had just registered on Twitter, so I recommended him some well-known Twitter friends:

Message-ID: <c81a04af0912312146h7a61dce0i30396bdef672cac6@mail.gmail.com>

Subject: =?GB2312?B?UmU6IL/JxcK1xEdyYXZpdHk=?=

From: Zhuo Wang

To: wzyboy

Content-Type: text/plain; charset=GB2312

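Content-Transfer-Encoding: base64

Why does ERROR:-36 happen in the library?

On 1/1/10, wzyboy wrote:

Writing tweets? I don’t know… I’ve never used it. That API figure should be the number of calls, I think; I’ve heard others say that it seems the higher the better.

I suggest you follow some people:

@guao Half human, half bot. Broadcasts new posts from the Guao blog and news about Google.

@rtmeme A bot that occasionally shows human consciousness. It automatically tallies the tweets most retweeted by Chinese Twitter users. If it retweets one of your tweets, that tweet was a great one. I was retweeted once. It is an honor.

@CMCCSH and @CUGSM These are two unofficial accounts for China Mobile and China Unicom, run by humans. Both are employees of the respective companies, and enthusiastic. The two sometimes go head to head.

@xream From Wuxi. Formerly in the gifted youth class at Tianyi High School. Currently studying at Xi’an Jiaotong University; you can find more people from Wuxi in his lists.

@helloell An elegant beauty. Currently studying at a university in Swansea, the UK.

@onlyswan A Twitter celebrity, extremely popular. A Chinese Canadian, currently an undergraduate at a university in Shanghai. A married woman. Uninhibited without being promiscuous, and flirtatious. Rabbit says he doesn’t recommend that you follow her, so that you won’t be led astray.

@newsinchina A selflessly devoted pastor of the Church of Twitter; enthusiastic and full of energy.

@lianyue The person with the most followers in the Chinese Twitter circle; has unique insights on events.

@aiww Ai Weiwei. A well-known rights activist and dissident.

@ranyunfei Ran Yunfei. Same as above.

@fzhenghu Feng Zhenghu. A rights activist. For details, click his Link; it is a Docs document with a lot of text and a lot of pictures.

These are some of the people I could think of. You can browse through my Friends to find more.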

(In the email: Twitter name and names of Chinese human rights activists)

Just mentioning certain sensitive names in our email resulted in this email’s sending failure.

Other than this, I looked through some of the other delayed emails; these emails were mostly between my classmate and me. I compiled a list:

我眼中的2009年中国10大网事 | In my eyes, 10 major incidents on Chinese internet in 2009

中国网络封锁和监控简史 | A Brief History of China’s Internet blocking and monitoring

Google Alert – Ubuntu 9.10

[微软快速成长型企业资讯快报] – 快来免费索取限量 Office 2010 试用光盘！ | [Microsoft’s fast-growing enterprise IT Express] – Come and get a free limited-edition Office 2010 trial CD-ROM!

十二棵橡樹: 关于Google的hosts以及如何使用IPv6 | Twelve Oaks: about Google’s hosts and how to use IPv6

自由门怎么用在Chrome上？ | Freedom gate, how to use it on Chrome?

可怕的Gravity | scary Gravity

[快速成长型企业快报特惠专刊] – 新年新希望，Office 2010 抢先送惊喜！ | [Fast-growing enterprises express, special offer issue] – New Year, new hope, Office 2010 is first to bring a pleasant surprise!

Springboard Series Insider: Volume 2, No. 1

零八宪章签名 | Charter 08 signatures

From these titles you can see that not only emails containing political keywords, but also some emails that only touch on the GFW issue, will be reviewed. For example, the first one, “In my eyes, 10 major incidents on Chinese internet in 2009”: I sent this to my email from Google Reader. This article was posted by @jason5ng32 (a well-known blogger) on kengnengba.com; it mentioned some things the authorities did not want to see, and the original article has already been deleted.

The GFW has really developed to the point of screening personal emails. If you and your friends use any email accounts in China, the emails will be screened. Your emails will all be read. Someone reported this on cnBeta.com, but the article was deleted. Now I have experienced this myself, and I am posting it on Blogspot, so it will not be deleted.

So I am reminding everyone: don’t think using Gmail is safe. I believe many Gmail users have set up their emails to be forwarded to 139; be sure to remember that 139 is an email service in China!

—–

wzyboy

Blog: http://wzyboy.info

Twitter: @wzyboy

GV: 1(734)931-0***
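The pattern the post describes (many copies of one message with a single sent time but different receiving times) can be checked mechanically against a mailbox export. The following is an added example, not part of the original post: the function names, hosts, Message-IDs and Date/Received timestamps are constructed, and only the Subject value is the one quoted in the headers above.

```python
from collections import defaultdict
from email import message_from_string
from email.header import decode_header
from email.utils import parsedate_to_datetime

def decode_subject(value):
    """Decode RFC 2047 encoded-words such as =?GB2312?B?...?= to text."""
    return "".join(
        part.decode(charset or "ascii", "replace") if isinstance(part, bytes) else part
        for part, charset in decode_header(value))

def repeated_deliveries(raw_messages):
    """Return Message-IDs that arrived more than once with one sent time
    (Date) but several arrival times (topmost Received header)."""
    groups = defaultdict(list)
    for raw in raw_messages:
        msg = message_from_string(raw)
        sent = parsedate_to_datetime(msg["Date"])
        # The topmost Received header is added by the final receiving server.
        stamp = msg.get_all("Received")[0].rsplit(";", 1)[1].strip()
        groups[msg["Message-ID"]].append(
            (sent, parsedate_to_datetime(stamp), decode_subject(msg["Subject"])))
    report = {}
    for mid, copies in groups.items():
        arrivals = sorted(c[1] for c in copies)
        if len({c[0] for c in copies}) == 1 and len(set(arrivals)) > 1:
            report[mid] = {
                "subject": copies[0][2],
                "copies": len(copies),
                "spread_seconds": int((arrivals[-1] - arrivals[0]).total_seconds()),
            }
    return report

def _sample(mid, subject, arrived):
    # Constructed message: hosts, IDs and timestamps are made up.
    return (f"Received: from mx.example.net by mail.example.cn; {arrived}\n"
            f"Message-ID: <{mid}@example.com>\n"
            "Date: Fri, 01 Jan 2010 13:46:00 +0800\n"
            f"Subject: {subject}\n\nbody\n")

PAGE_SUBJECT = "=?GB2312?B?UmU6IL/JxcK1xEdyYXZpdHk=?="  # Subject quoted in the post
SAMPLE = [
    _sample("dup", PAGE_SUBJECT, "Fri, 01 Jan 2010 14:02:11 +0800"),
    _sample("dup", PAGE_SUBJECT, "Fri, 01 Jan 2010 15:10:40 +0800"),
    _sample("dup", PAGE_SUBJECT, "Fri, 01 Jan 2010 18:30:05 +0800"),
    _sample("once", "Springboard Series Insider", "Fri, 01 Jan 2010 13:46:09 +0800"),
]

if __name__ == "__main__":
    for mid, info in repeated_deliveries(SAMPLE).items():
        print(mid, info)
```

Repeated arrivals show that delivery was retried or delayed somewhere on the path; the headers alone do not say why.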