China Denies Gmail Hack, Claims It’s a ‘Victim’ Too

  • Share
  • Read Later

China’s response to Google’s accusation that Chinese hackers broke into Gmail, the company’s free online email service, and absconded with the login details of hundreds of senior U.S. and Asian government officials, military personnel, journalists and Chinese political activists?

We didn’t do it, and your “unacceptable” attempt to blame us has “ulterior motives.”

Google yesterday wrote that it had uncovered a campaign “to collect user passwords, likely through phishing” from hundreds of personal Gmail accounts, and that the hack attack appeared “to originate from Jinan, China.” Jinan is the capital of Shandong Province in Eastern China, though Google didn’t blame anyone specifically.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings,” wrote Gmail in an official blog post. The company claims it disrupted the campaign, then notified those affected, including “relevant government authorities.”

(More on Google: Gmail Attack from China Affects ‘Senior U.S. Government Officials’)

China’s response? Not so fast, Google.

“Blaming these misdeeds on China is unacceptable,” said Chinese foreign ministry spokesperson Hong Lei at a press conference (via Reuters). “Hacking is an international problem and China is also a victim. The claims of so-called support for hacking are completely unfounded and have ulterior motives.”

Google would have traced the attacks by IP address and, however anonymized, probably been able to determine their country of origin with high specificity. China’s reaction frankly sounds like an overreaction, especially seeing as Google wasn’t blaming individuals (or institutions) specifically. And I’ve been unable to locate the source of China’s allegation that Google simultaneously accused the country of “support for hacking.”

Wherever they came from, these latest attacks involved “spear phishing”—basically phishing (attempting to acquire sensitive personal information by appearing as someone or something trustworthy) with targeted objectives. It’s the difference between firing randomly into a crowd, hoping to score random hits, and using a laser pointer to single individuals out.

As Techland editor Doug Aamoth noted yesterday, Google recommends improving your online security by using two-step verification, selecting a strong password, and watching your account for suspicious activity warnings.