Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

So Villeneuve says Google probably looked at many more clues to decide the source of the recent attacks. For example, he says, the company could have looked for patterns in the times that the attacks took place. Villeneuve believes that “from their point of good visibility, they could build up a lot of information.”

Even then, Villeneuve emphasizes, it is extremely difficult to pin responsibility for the attacks on any single entity, organization, or nation.

Bruce Schneier, a prominent computer security expert and chief security officer of the British company BT, agrees. “Attacks don’t come with a return address,” he says. “This is a perennial problem. It’s not a problem of anonymity; it’s a problem of how the Internet works.”

While there’s good reason to suspect Chinese involvement, there’s no way to know for sure, Schneier says. Routing an attack through China would be an excellent way for another interested party to throw investigators off their track, he says. But Schneier adds that the type of attack leveled at Gmail users is happening all the time.

Security researcher Mila Parkour identified and posted samples of some of the fake e-mail messages and fake Web pages used to trick Gmail users into handing over their log-in information. She notes that “the spear phishing method used in this attack is far from new or sophisticated,” but points out that Web mail services offered by Google, Yahoo, and others don’t offer users the same level of protection as many enterprise systems. What’s more, she says, many users forward messages from business accounts to personal accounts, making the personal accounts worth targeting.

Villeneuve says that in some of the Web mail attacks he’s studied, attackers seem to be gathering information about a user’s computer or antivirus software. Since many people check personal e-mail at work, attackers might also be looking to gather information about systems at other locations that they want to target later, Villeneuve believes.

Though Google has gained headlines for coming forward with the recent news, Villeneuve notes that targeted attacks aimed at high-value individuals are “not just a Google problem.” He’s recently identified similar examples aimed at users of Yahoo mail and Hotmail, but he cannot confirm that they are related.

2 comments. Share your thoughts »

Credit: Technology Review

Tagged: Web, Google, security, China, gmail, hack

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me