Never mind Stuxnet’s infiltration of Iranian nuclear facilities – national governments are carrying out Internet attacks against private citizens, often their own. Now Google has stepped into the breach. If it detects an attack, the search giant says, it will warn the victim and block the perpetrator.
Diplomatic cables leaked by WikiLeaks implicated the Chinese government in hacking into alleged dissidents’ Google accounts. This incident led to Google pulling its business out of China, although since then it has inched its way back. Google wants to serve the huge Chinese user base, but it will implement new security measures to protect those who might come under attack by prying governments.
Google’s New Warning
Google announced yesterday that it will show a warning message to its users who “may be the target of state-sponsored attacks.” Moreover, it will attempt to stop third parties from maliciously logging into its users’ accounts.
“When we have specific intelligence – either directly from our users or from our own monitoring efforts – we show clear warning signs and put in place extra roadblocks to thwart these bad actors,” wrote Eric Grosse, Google’s VP of security engineering.
The new warning against state-sponsored hacking reads, “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.” The message is followed by a link to “protect yourself now.” Google won’t provide the URL for the linked page, and the text does not retrieve any Google search results. However, a Google staffer shared some of the copy with Andy Greenberg at Forbes:
It’s likely that you received emails containing malicious attachments, links to malicious software downloads, or links to fake websites that are designed to steal your passwords or other personal information. For example, attackers have often been known to send PDF files, Office documents, or RAR files with malicious contents. We strongly recommend that you avoid clicking links or attachments in suspicious messages.
Google aims to protect its users from spoofing, phishing or malware attacks that would let these state actors gain access to the user’s private data. Unfortunately, the most vulnerable link in Google’s security is the human user. Malicious sites can appear to be Google sites asking for your password, but they could come from another domain and steal your login info. To counter such tricks, Google recommends creating a unique password with a mixture of capital and lowercase letters, numbers and punctuation marks, activating Google’s two-step authentication for login, and making sure your software is up to date.
But in the event that a state actor takes additional measures to attack a Google user, the company will display its warning message.
How Does Google Know an Attack is State-Sponsored?
Google spokespeople will not comment on the announcement beyond what is written therein. But Grosse anticipated the question of how Google knows an attack is state-sponsored:
“We can’t go into the details without giving away information that would be helpful to these bad actors,” he wrote, “but our detailed analysis – as well as victim reports – strongly suggest the involvement of states or groups that are state-sponsored.”
Google has a unique vantage point on worldwide network traffic, so it’s possible that any large operation would be visible to its security team. But it doesn’t want to show its hand to malicious hackers trying to attack its users through the back door.
What does Google do when governments knock on the front door (legally speaking) and ask for user data? That’s another story.