Corporate data theft and cyber-warfare are two of the most active fronts for today's high-profile attackers. Operation Aurora, the Stuxnet incident, the massive RSA compromise and the Epsilon breach are some of the most notorious examples of this kind, but they are accompanied by smaller, stealthier breaches made possible by misconfiguration, human error or social engineering.
According to the report Google issued today, a group of unidentified hackers operating from China phished the e-mail credentials of several Gmail users, among them US government officials, Chinese political activists, military personnel, journalists and officials of other Asian countries. Today's security incident is the second of its kind carried out against the US-based company in less than 18 months.
Just as in the previous attack against Gmail, we can assume that the attackers went after sensitive documents the users might have inadvertently forwarded to their personal inboxes from their business accounts.
These attackers may have monitored their victims for a while, a task made dramatically easier by social networking: armed with nothing more than a victim's e-mail address, one can find out about their personal history, hobbies, habits, family life and aspects of their work. These details are the greatest assets in carrying out a spear phishing attack. In addition, the stolen credentials can give the attackers access to other accounts where the victims have reused the same password.
Worst case scenario? Once an attacker holds all this data, besides monitoring activity in the compromised e-mail accounts, he can lure the victims into further schemes. One of them is getting the victims to install malicious mobile applications that report essential data about them, such as their GPS position. While Android has gained enormous popularity in China, Google has not opened a regional Android Market, which has only encouraged third parties to build their own markets, many of them swarming with such malicious applications (DroidDream or Geinimi).
One can safely assume that this Gmail incident is not a classic phishing attack motivated by easy money. Far more valuable intelligence is at stake, ranging from international affairs to military technology. The cost of the incident is yet to be determined, but it will almost certainly exceed, by orders of magnitude, the cost of the protection that would have prevented it.
The rule of thumb for incidents of this kind: affected users should change their Gmail passwords; review their account's forwarding and delegation settings, and any filters that forward mail, to make sure incoming messages are not being silently copied to another e-mail address (the attackers in this incident used exactly such settings to keep reading mail after the password was changed); and avoid reusing the same password across the other online accounts they have created.
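The forwarding check above is easy to overlook because a malicious filter does not show up in the main Forwarding setting. As an added example (not code from the original post or from Google), the script below audits the XML file that Gmail produces under Settings, Filters, Export and flags any filter that forwards, archives, trashes or marks mail as read. The property names follow Gmail's filter export format; the sample feed, the `trusted_domains` parameter and the addresses in it are constructed for this example.

```python
"""Audit an exported Gmail filter file for rules that silently copy or hide mail.

Added example, not code from the original post. The sample document below is
constructed for this example; the property names match the Atom/XML format
Gmail uses when exporting filters.
"""
import xml.etree.ElementTree as ET

ATOM_NS = "http://www.w3.org/2005/Atom"
APPS_NS = "http://schemas.google.com/apps/2006"

# Filter actions that exfiltrate or hide mail. A filter that matches every
# message, forwards it elsewhere and archives it is the classic backdoor an
# intruder leaves behind after phishing a password.
SUSPICIOUS_ACTIONS = {
    "forwardTo": "forwards matching mail to another address",
    "shouldArchive": "skips the inbox (hides the message)",
    "shouldTrash": "deletes matching mail",
    "shouldMarkAsRead": "marks matching mail as read",
}

# Match conditions a Gmail filter can carry (everything else is an action).
CONDITIONS = {"from", "to", "subject", "hasTheWord", "doesNotHaveTheWord",
              "hasAttachment"}

# Constructed sample: one benign newsletter filter and one attacker-style
# filter that forwards all mail to an outside address and hides it.
SAMPLE_FILTERS_XML = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='*'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one {property name: value} dict per filter entry in the feed."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.findall(f"{{{ATOM_NS}}}entry"):
        props = {}
        for prop in entry.findall(f"{{{APPS_NS}}}property"):
            props[prop.get("name")] = prop.get("value")
        filters.append(props)
    return filters


def audit_filters(xml_text, trusted_domains=()):
    """Return a finding for each filter that forwards or hides mail.

    trusted_domains: forwarding destinations in these domains are not flagged
    (for example the user's own corporate domain).
    """
    findings = []
    for idx, props in enumerate(parse_filters(xml_text)):
        reasons = []
        for name, why in SUSPICIOUS_ACTIONS.items():
            value = props.get(name)
            if value is None or value == "false":
                continue
            if name == "forwardTo":
                domain = value.rsplit("@", 1)[-1].lower()
                if domain in trusted_domains:
                    continue
                reasons.append(f"{why}: {value}")
            else:
                reasons.append(why)
        if reasons:
            # No condition, or a wildcard hasTheWord, means every message matches.
            conds = {k: v for k, v in props.items() if k in CONDITIONS}
            matches_all = not conds or conds.get("hasTheWord") == "*"
            findings.append({"filter": idx,
                             "matches_all_mail": matches_all,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_filters(SAMPLE_FILTERS_XML):
        print(finding)
```

Run it against your own export instead of the sample by reading the file into `audit_filters`; a finding with `matches_all_mail` set and a `forwardTo` reason is the pattern to treat as an active compromise, not a stale setting. The script does not cover the account-level forwarding address or delegated accounts, which do not appear in the filter export and still need to be checked by hand in Gmail's settings.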
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.