US probes attempted hacking of Gmail

Official decries idea that China may be to blame

Google says it believes the attempt to break into Gmail accounts originated in China. Google says it believes the attempt to break into Gmail accounts originated in China. (Jason Lee/Reuters)
By Brian Womack and Douglas MacMillan
Bloomberg News / June 3, 2011

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Your article has been sent.

Text size +

SAN FRANCISCO — Google Inc.’s discovery of an attempt to steal passwords from Gmail users, which may have originated in China, is being reviewed by the State Department and FBI.

The United States was notified Wednesday and is looking into the allegations, Secretary of State Hillary Clinton said. The FBI said it is working with Google to review the matter. The attacks probably targeted hundreds of Gmail users, including US government officials.

“These allegations are very serious,’’ Clinton said. “We take them very seriously.’’

Google said the effort appeared to have been based in Jinan, China.

White House Press Secretary Jay Carney said there is no evidence government e-mail accounts were compromised.

Blaming China is “unacceptable,’’ Foreign Ministry spokesman Hong Lei said. The Chinese government disapproves of hackers and punishes them, he said.

Any suggestions that the Chinese government is behind the hackings at Google are “a fabrication’’ and have “an ulterior motive,’’ Hong said.

In January 2010, Google said it was targeted by sophisticated attacks from inside China aimed at obtaining proprietary information, as well as personal data belonging to human-rights activists who use Gmail. The company later decided to escape China’s censorship by pointing users to its Hong Kong service. In March this year, the company accused the Chinese government of blocking Gmail.

The hackers in the most recent case probably used a so-called phishing scam to collect passwords with the goal of monitoring e-mail content, Eric Grosse, engineering director on the Google Security Team, said in a blog post. The company said it detected and disrupted the campaign, secured users’ accounts, and notified authorities.

“We believe that being open about these security issues helps users better protect their information online,’’ Grosse said on the blog.

Google’s internal systems were not affected, and the attempts did not involve a security problem with Gmail, Grosse said.

Phishing scams typically involve tricking users into sharing passwords. While most such attacks aren’t targeted, these “hijackings’’ went after senior US government officials, Chinese political activists, officials in several Asian countries, military personnel, and journalists.

“A lot of this goes on internationally,’’ said Christopher McNally, a fellow and political economist at the East-West Center in Honolulu. “In most situations, it’s certain rogue organizations or even individuals that are doing it for profit.’’

Users should protect themselves by adopting such safeguards as multistep verifications for their accounts and strong passwords, Grosse said.