Wednesday, June 1, 2011

China: Sinister by any name

We can attribute stealing passwords to those Nigerian 419 Scams - come save me, I'm stuck in.  Or perhaps it is the 'you just won a billion dollars in a lotto your great grandfathers 3rd cousin bought a ticket for you to play, and you did, and won' ... but those attempts are stupid.  While they suck away money from people who are neither bright nor deserving of whatever money they have, these sorts of attacks and others emanating from Russia, are far more sinister and dangerous.

Christopher McNally, a fellow and political economist stated that “a lot of this goes on internationally," and  “in most situations, it’s certain rogue organizations or even individuals that are doing it for profit.”   In China one does not access the internet unless the government has approved you to own a mouse and a computer, an apartment to live in from which to access the internet.  You must be extra special to access the internet from your abode, and to access the real WWW and not the WWW the Chinese government created for their educated masses, requires you to be among the elite - and from all of these people, all 50,000 of the billion possible, maybe 2,000 have the technical expertise to hack and they all work for the Chinese government.

Google Suspects China in Passwords Incident

By Douglas MacMillan and Brian Womack
Jun 1, 2011

Google Inc. (GOOG), owner of the world’s most popular search engine, said hackers tried to steal passwords from hundreds of Gmail users, targeting the accounts of government officials in the U.S. and Asia.

The campaign, which appears to have originated in Jinan, China, probably used a so-called phishing scam to collect passwords with the goal of monitoring e-mail content, Eric Grosse, engineering director on the Google Security Team, said in a blog post today. The company said it detected and disrupted the campaign, secured users’ accounts and notified authorities.

“We believe that being open about these security issues helps users better protect their information online,” Grosse said on the blog.

The campaign against Gmail users comes amid growing concern about network security, prompted by recent cyber attacks against Sony Corp. and Lockheed Martin Corp. Google said last year it was the victim of attacks against its systems that originated in China and focused on human-rights activists’ accounts. Google said it was no longer willing to censor search results in China, and then started redirecting users there to its Hong Kong service.

“A lot of this goes on internationally,” said Christopher McNally, a fellow and political economist at the East-West Center in Honolulu. “In most situations, it’s certain rogue organizations or even individuals that are doing it for profit.”

In the recent case, Google’s internal systems weren’t affected, and the attempts didn’t involve a security problem with Gmail, Grosse said.

Tricking Users

Phishing scams typically involve tricking users into sharing passwords that can then be used to obtain information. While most of these kinds of attacks aren’t very targeted, these “hijackings” went after senior U.S. government officials, Chinese political activists, officials in several Asian countries, military personnel and journalists.

Users should protect themselves by adopting such safeguards as multistep verifications for their accounts, strong passwords and checking for suspicious forwarding addresses, Grosse said.

Google, based in Mountain View, California, fell $3.42 to $525.60 at 4 p.m. New York time on the Nasdaq Stock Market. The shares have declined 12 percent this year.


Make Mine Freedom - 1948

American Form of Government

Who's on First? Certainly isn't the Euro.