Google announces protection against state sponsored hacking

email privacy, email security, identity theft No Responses »
Aug 222012

 

If you are a Gmail user do not be surprised when you log in to find a message from Google saying that you could be the target of a ‘State sponsored attack’ and advising you on the methods to adopt to stay secure.  A recent blog by Eric Grosse, VO Security Engineering at Google describes this.

In a number of well publicized attacks, governments have sought to pressurize Google into letting them see the mail of dissidents and other citizens that it is otherwise apprehensive about. Readers many recall that some time ago, Google had to shut down its servers in mainland China and move them to Hong Kong when Chinese hackers broke into its servers in China.  Apparently this kind of hacking and espionage is on the rise. Google has created some kind of an algorithm that looks out for malicious activity on their systems, identifies the target account and warns the users. The exact parameters that are being monitored are not detailed (for

In the past, Google has detected attacks originating from China targeting US officials, Senators, South Korean officials and military personnel etc. These attacks aim to log into Gmail accounts and read mail.

Besides issuing warnings, Google says that it “put(s) in place extra roadblocks to thwart these bad actors”.  The warning Google sends to you is displayed on your log-in page and a sample is shown below –

 

Google is careful to stress that the internal security structures at the company are secure and have not been broken into. It’s the email accounts that have been compromised primarily by the bad guys obtaining passwords, access to secondary email accounts and through phishing. Once they have access to the account they want, the government hackers are able to map the email contact network of the person and spread their net wider.

There are many ways to thwart such an attack. Google gives a number of useful techniques. These are –

Enable two step verification on your sensitive account, this will ensure that every time you attempt to log in, you will be sent a verification code to your cell phone you have registered. You will need to log in with code as well. If you find this cumbersome, you can make this code permanent to your PC for 30 days.

It is critical to use a strong password that is a mix of upper and lowercase letters, numbers and special characters. Never enter your password into a pop up box, no matter how authentic it appears.

Once in a while go to your Gmail account and check that your mail is not being automatically forwarded to other accounts. This is a great feature in Gmail, but it can be easily misused if someone can access your account.

Besides securing your account as discussed above, separate your account for critical and non critical use.  Do not make these accounts secondary to each other so that the password reset link for one account goes to another.

Posted by sanjay at 11:42 am Tagged with: , , , ,

Emails of Computer and Technology Crime High Tech Response team hacked!

email privacy, identity theft No Responses »
May 162012

The San Diego Reader reported in a news item dated May 14, 2012 that Anonymous, the world (in)famous  group of hackers and activists had hacked into the email of a retired agent of the California Justice Department. What makes the exploit particularly dangerous is the fact the agent (whose name has not been disclosed) is also a member of a high powered law enforcement committee on computer security.

Anonymous has stated that they were able to obtain the social security numbers and other personal details of many individuals. The exploit had occurred sometime in November 2011 but details were put online by California Attorney General’s office on May 11, 2012. Presumably the breach was detected somewhere during this month.

The AG’s office said that the email of a member of the Computer and Technology Crime High Tech Response team (CATCH) was hacked and the data compromised included (but not restricted to) names, addresses, dates of birth and social security numbers. Individuals were urged to take steps to protect themselves from possible identity theft.

In November 2010, CATCH had been awarded the 1st Annual Cyber Security Award as a recognition of their outstanding work towards improving cyber security in the public domain. The CATCH steering committee comprises experts from CISCO, Cox Communication, Qualcomm, Intuit and others.

Recently, Chris Doyon, a suspected member of Anonymous told reporters in Canada that “Right now we have access to every classified database in the US government. It’s a matter of when we leak the contents of those databases, not if

Anonymous has also been active against Russia and China besides many other countries. On May 09, 2012, they had shut down Russian President Vladimir Putin’s website as a support to protests against his election.  In a Reuters report dated April 09, Anonymous was reported to be attacking the pillars of Chinese censorship and had vowed to breakdown the ‘Great Firewall of China’.

Posted by sanjay at 9:18 am

16,000 Finns' details shared online

identity theft No Responses »
Nov 052011

Keys spell "murto," Finnish for break-in.

Finland’s communications watchdog, Ficora, says people whose data was leaked through a file-sharing website should not try to take matters into their own hands. The events cannot be undone, says the organisation.

Several copies of the leaked files are now circulating on the internet.

Ficora’s head of networks and security, Erka Koivunen, says people whose personal details were published online should wait for the responsible party to contact them. Continue reading »

Posted by gebels at 5:25 pm
© 2012 Secure Email Hosting Blog Suffusion theme by Sayontan Sinha