Gmail hackers had access to accounts — Expert

been planning a more serious attack, said the cyber-security expert who first publicly revealed the incident.
Google said suspected Chinese hackers tried to steal the passwords of hundreds of Gmail account holders, including those of senior US government officials, Chinese activists and journalists.

“They were not sophisticated or new, but they were invasive,” said Mila Parkour, who reported the cyber-attack on her malware blog in February.
“Emailing phishing messages using details from read personal messages is invasive. Plus, they maintained full email access to mailboxes for a long time,” the Washington-based Parkour said. She uses a pseudonym to protect her identity.

“I covered one; they (Google) took it and uncovered many more of the same kind,” she said, noting the method of attack was invasive and targeted.
Parkour was initially involved in investigating one such phishing incident, referring to the practice where computer users are tricked into giving up sensitive information, and then started to gather data on other similar incidents, she said.

Google declined to comment on the details of Parkour’s report, but a source with knowledge of the matter said there were similarities between the attack she analysed and the rest of the campaign. The source declined to be identified owing to the sensitivity of the issue.

The Internet company, which was also the victim of a sophisticated hacking episode last year, gave no details about the most recent attack other than to say it had uncovered a campaign to collect user passwords, the goal of which was to monitor users’ emails.

The company said its Gmail infrastructure had not been compromised.
Parkour’s analysis in February showed that the hackers emailed victims from a fake email address, which purported to be that of a close associate in order to gain their trust. The email contained a link or an attachment.

When the victims clicked on the link or document, they were prompted to enter their Gmail credentials on a fake Gmail login page created to collect usernames and passwords, after which the hackers had full access to their accounts.

In the case that Parkour studied, the victim was unknowingly in contact with the hackers between May 2010 and February 2011 according to email screenshots she posted. He received emails once or twice a month that allowed them to maintain updated access to his inbox.
“The victims were carefully selected and had access to sensitive information and had certain expertise in their area,” Parkour said. – Reuters.

facebookShare on Facebook
TwitterPost on X
FollowFollow us
PinterestSave

Related Posts

Ending fistula, restoring dignity
Ending fistula, restoring dignity

Disability Issues Dr Christine Peta FOR thousands of women and girls across Africa, Asia and beyond, obstetric fistula is not just a medical complication, it is a profound social and…

Continue reading
UK pledges to support Zim in UNSC
UK pledges to support Zim in UNSC

Zvamaida Murwira Senior Reporter THE United Kingdom has pledged to work with Zimbabwe when it takes up its United Nations Security Council non-permanent seat that it overwhelmingly won early this…

Continue reading

Leave a Reply

Your email address will not be published. Required fields are marked *

×
×