In the latest entry to the Google Online Security Blog, the company reports that it is now alerting Gmail users when they become targets of state-sponsored attacks.
Eric Grosse, VP Security Engineering, said on Tuesday that when a warning is activated, a pink bar will appear atop various Google services with a message that reads: “We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.” The “protect yourself” text will link back to a page offering steps to take in guarding against account hacks.
“If you see this warning it does not necessarily mean that your account has been hijacked,” Grosse writes. “It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account.”
Google suggests that users create a unique password that has a good mix of capital and lowercase letters, as well as punctuation marks and numbers. Users should also use the two-step verification process as an additional security measure: it involves using a smartphone to enter an additional access number, and sometimes it can be a real pain, but it’s better than using a simple password (read: Gmail hack victim).
“Attackers often send links to fake sign-in pages to try to steal your password, so be careful about where you sign in to Google and look for https://accounts.google.com/ in your browser bar,” he adds. “These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.”
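The address check quoted above, done by a URL parser instead of by eye, as an added example that is not from Google or the original article. The function name, the sample URLs and the `signin.example` domain are constructed for illustration.

```javascript
// Added example: strict comparison of a sign-in URL with the address quoted
// in the article. All sample URLs below are constructed.
const EXPECTED_ORIGIN = "https://accounts.google.com";

function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, the standard browsers follow
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is " + url.protocol };
  }
  // Text before '@' is userinfo, not the host the browser connects to.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo present, real host is " + url.hostname };
  }
  // origin = scheme + host + any non-default port, compared exactly.
  if (url.origin !== EXPECTED_ORIGIN) {
    return { ok: false, reason: "host is " + url.host };
  }
  return { ok: true, reason: "origin matches" };
}

const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",    // expected address
  "https://ACCOUNTS.GOOGLE.COM/",                // host case is normalised
  "http://accounts.google.com/",                 // right host, no TLS
  "https://accounts.google.com.signin.example/", // name used as a subdomain
  "https://accounts.google.com@signin.example/", // name used as userinfo
  "https://signin.example/accounts.google.com/", // name used as a path
  "https://accounts.google.com:8443/",           // non-default port
  "accounts.google.com/",                        // no scheme at all
];

function checkAll(urls) {
  return urls.map((u) => ({ url: u, ...checkSignInUrl(u) }));
}

for (const r of checkAll(SAMPLES)) {
  console.log((r.ok ? "OK     " : "REJECT ") + r.url + "  (" + r.reason + ")");
}
```

Only the first two samples pass; the rest contain the expected text somewhere in the URL but resolve to a different scheme, host or port.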
So how does Google know when activity is a state-sponsored attack? The company will never reveal its secrets. “We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis — as well as victim reports — strongly suggest the involvement of states or groups that are state-sponsored,” Grosse states.
The announcement arrives just one week after researchers discovered Flame, a nasty data-mining virus that spied on infected computers in the Middle East. It was able to install itself without user knowledge by tricking Windows into believing it was a Microsoft-sanctioned program. Researchers believe it was sponsored by the same entity that commissioned Stuxnet, a virus co-sponsored by Israel and the United States, and used to attack Iran.