Washington scrambled on Thursday to assess whether security had been compromised after Google revealed a major hacker attack targeting U.S. officials that the Internet giant pegged to China.
"These allegations are very serious," Secretary of State Hillary Clinton said.
"We take them seriously; we're looking into them," Clinton told reporters a day after the Internet giant said it had disrupted a campaign aimed at stealing passwords of hundreds of Google email account holders, including senior U.S. government officials, Chinese activists and journalists.
Google's announcement fuels debate in Washington over China's intentions in cyberspace, which the United States has identified as a potential flashpoint for future conflict.
Blackberry maker Research In Motion and Microsoft Corp. could get a boost from the Google hacking incident. The companies have been fending off competitive challenges from Google's Android software and cloud computing services, as the corporate sector and the federal government explore whether Google is a secure alternative for email.
(Msnbc.com is a joint venture of Microsoft and NBC Universal.)
Neither Google nor the U.S. government has said the Chinese government was behind the attacks, and the U.S. State Department said it had not raised the issue with Beijing.
Google only said the attack appeared to originate in China.
Beijing nevertheless reacted angrily to Google's charge, saying it was "unacceptable" to blame Beijing and allegations that China supports hacking "have ulterior motives".
Clinton said Google told the State Department before it made its public announcement on Wednesday, and the U.S. Federal Bureau of Investigation was investigating, with Google.
The White House said it had no reason to believe official government emails were hacked in the Google incident, and officials at many agencies stressed that government employees were directed not to use private accounts to discuss sensitive issues.
"Rule number one is: don't do anything stupid," one national security official said.
Some agencies, including the Securities and Exchange Commission and the Commodity Futures Trading Commission, block employees from accessing personal accounts from work. But there is no blanket ban and other agencies do allow it.
"Those of us who do run private accounts are very, very mindful of the security issues," Chief of Naval Operations Admiral Gary Roughead told Reuters.
Still, the government will check whether senior officials' private accounts were targeted, said one official, speaking on condition of anonymity.
"There is a lot of awareness that whether it's a hostile intelligence service or others who may want to access this," the official said.
Dueling In cyberspace
Google's latest salvo looked likely to bring Internet policy to the foreground in the U.S-China relationship, where Washington and Beijing have staked out sharply contrasting approaches to censorship, freedom of speech and cybersecurity.
The United States was drawn in last year when Google temporarily shut its Chinese-language portal over censorship concerns and a cyber attack it said was traced to China. Clinton also has accused Beijing of facing a "dictator's dilemma" as it seeks to control technologies that are fueling growth and free speech around the world.
The dispute over the Internet has at times amplified existing strains in the U.S.-China relationship on everything from human rights and trade to intellectual property rights.
The United States has warned that a devastating cyberattack could result in real-world military retaliation, although analysts say it could be difficult to detect its origin with full accuracy.
The White House and the State Department have appointed officials to oversee cybersecurity issues. The Pentagon probably has the most developed strategy in the U.S. government, with a Cyber Command and thousands of people in different divisions of the military dedicated to matters of cybersecurity and cyberwafare.
The State Department's cyber coordinator, Christopher Painter, called cyber security a diplomatic priority for the United States as it seeks to defend itself from threats ranging from freelance hackers to militants to potential rival states.
"The most important thing is to build international consensus....It's not just China that we need to engage with. It is an important part of our agenda with every country," Painter told Reuters on the sidelines of a London conference.
Factbox: Personal email account policies at U.S. agencies
The government on Thursday was assessing whether security was compromised after Google Inc said hackers from central China tried to hack personal Gmail accounts used by senior officials.
The Executive Office of the President, which includes the White House and related offices, blocks access to outside email services such as Gmail, Hotmail and Yahoo Mail on its networks within the complex. Other agencies also have firewalls to block access.
Here is what various government departments and agencies said about their policies on personal email accounts:
Federal Reserve
"Board officials and employees are not allowed to use personal email accounts for business purposes," a Fed spokesman said. "We're not aware of any problems."
Justice Department
The Justice Department declined to say whether Attorney General Eric Holder was a target of the hack or whether he has external email accounts. However, Holder is a gadget aficionado and loves talking about his iPad.
Employees at the main Justice Department headquarters are allowed access to external email accounts like Gmail and some employees keep their smartphones on their desks.
Securities And Exchange Commission
"The SEC does not use Gmail, and the agency's email system blocks employees from accessing any personal Gmail accounts they may have," said spokesman John Nester.
Commodity Futures Trading Commission
The CFTC only has email accounts for work and have firewalls to stop access to Gmail and other personal email accounts, an agency spokesman said.
Nuclear Regulatory Commission
"We do not use Gmail for any agency business," said NRC spokesman Eliot Brenner, who said he was not aware of any attacks on personal Gmail accounts held by officials who work for the U.S. nuclear safety regulator.
The agency's firewall does not block access to Gmail or other personal email services that use a webmail portal, and its policies allow employees to check personal email on an occasional basis, he said.
More on the Google Gmail cyber attack: