Massive Gmail phishing attack hits top U.S. officials

NEW YORK (CNNMoney) — Hundreds of personal Gmail accounts, including those of some senior U.S. government officials, were hacked as a result of a massive phishing scheme originating from China, Google said Wednesday.

The account hijackings were a result of stolen passwords, likely obtained by malware installed on victims’ computers or through victims’ responses to e-mails from malicious hackers posing as trusted sources. That type of hack is known as phishing. Gmail’s security systems themselves were not compromised, Google said.

The company believes the phishing attack emanated from Jinan, China. In addition to the U.S. government personnel, other targets included South Korean government officials and federal workers of several other Asian countries, Chinese political activists, military personnel and journalists.

“The Department of Homeland Security is aware of Google’s message to its customers,” said Chris Ortman, a spokesman for the agency. “We are working with Google and our federal partners to review the matter, offer analysis of any malicious activity, and develop solutions to mitigate further risk.”

The news comes a little more than a year after a separate hack originating from China affected Gmail accounts of Chinese human rights activists. In that case, attackers were able to break through Google’s security systems, and two Gmail accounts were hacked.

That cyber attack set off a series of events that eventually led to Google ending its agreement with the Chinese government to censor certain search results, and the company physically moved its servers out of the country.

This time around, the hack appears larger in scope — but Google itself was not attacked. A person with knowledge of the attack’s details said there was no apparent correlation between last year’s attack and this one.

A spokesman from Google declined to comment on how the company obtained the information about the most recent hack. Public information, user reports and a third-party hacking blog called Contagio were used to determine the scope, targets and source of the attack.

Google (GOOG, Fortune 500) said it notified the victims and disrupted the campaign.

The hackers were attempting to monitor the victims’ e-mails, and some users’ forwarding settings were altered.

The company urged users to “please spend ten minutes today taking steps to improve your online security so that you can experience all that the Internet offers — while also protecting your data.”

Google provided several examples on its blog of how Gmail users can better protect themselves from phishing attacks, including enabling a setting that allows users to log in to their accounts only after receiving a verification code on their phones. The company also suggested that users monitor their accounts for suspicious forwarding settings.
