From The Blog

Wednesday, 06 June 2012 12:53

Google to Start Issuing Warnings About Possible State-Sponsored Attacks on GMail Accounts; Who Are These For?

Written by

Reading time is around minutes.

Google-LogoIn other “hacking news” two days ago Google announced that it would begin spreading FUD…. I mean warning users about the possibility that their computer systems and Gmail accounts could be under attack by “State-Sponsored” individuals. The new came after recent discoveries that Stuxnet was a US sponsored attack and the widely held belief that Flame is also a state-sponsored bit of malware.

The biggest question on everyone’s mind is: “how in the world is Google going to tell the difference?”

Google’s response is something of a smoke screen though with them saying coyly;

“You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.”

The new warning seem to be aimed at spreading fear more than anything else as many security researchers are wondering what could be in Gmail accounts that are so sensitive anyway? If you have the type of data that is that sensitive you probably should not be putting it in a Gmail account (or any other cloud based email service for that matter). Still there are a few things to remember about any cloud service, they are ALL vulnerable to intrusion and this is beyond the typical “weak password” issue that is the source of many breaches.

We really are not sure what Google hopes to accomplish with these “proactive” warnings, but to warn someone after the fact instead of perhaps working to add additional security into your own systems is not being proactive. Google could (and perhaps should) require two factor authentication for their Gmail users, require complex passwords with expiration cycles and more. The down side of this is that all of these things cost money to implement and most users do not want the hassle. Remember ease of use often means lack of security… Something to think about the next time you sign up for a cloud based service regardless of what it is.

 

Discuss this in our Forum

Read 2509 times Last modified on Wednesday, 06 June 2012 13:03

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.