June 1, 2011 at 5:30 PM ET
Prominent users of Google's Gmail may have had their email accounts hijacked, Google said Wednesday, and the attack appears to have originated in China.
Eric Grosse, engineering director for Google's security team, said in a blog posting Wednesday that Google "recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists."
The White House said it does not believe any U.S. government email accounts were breached in the attack, but that it is investigating.
"We're looking into these reports and are seeking to gather the facts," White House spokesman Tommy Vietor told Reuters. "We have no reason to believe that any U.S. government email accounts were accessed." The FBI also said it is working with Google on the case.
The goal of the hijacking "seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings," Grosse wrote.
"Google detected and has disrupted this campaign to take users' passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."
He also said it's "important to stress that our internal systems have not been affected — these account hijackings were not the result of a security problem with Gmail itself."
Google has had a turbulent relationship with China. Last year, the search engine reported some disruptions to its mainland China services after it threatened to pull out of the country because of Internet censorship practices there. Google had cooperated with China for several years, but was less inclined to do so after it traced to China hacking attacks on the accounts of human rights activists and at least 20 U.S. companies.
Wednesday's announcement comes amid a growing wave of attacks by hackers. Lockheed Martin announced May 21 it was the target of a cyber attack, one that the Pentagon's No. 1 arms supplier said it detected "almost immediately." The government's top information technology provider told Reuters it countered with stepped-up security measures and that data was compromised.
While China is suspect in that case, the Pentagon says more than 100 foreign intelligence groups have been trying to pierce U.S. networks. Beijing has denied any role in the Lockheed Martin case.
Last weekend, hackers attacked the PBS website, posting a fake story late Sunday that dead rapper Tupac Shakur was "alive and well." A group called Lulz Boat claimed responsibility, saying the attack was in response to a Frontline documentary, "WikiSecrets," about the leaking of U.S. government secrets to the WikiLeaks website.
Earlier this year, the company that runs the Nasdaq stock market said that hackers penetrated a service that handles confidential communications between public companies and their boards.
Most publicized, perhaps, in the past six weeks was the attack on Sony's online gaming network, the PlayStation Network, which shuttered the network for almost a month after hackers got access to the personal information of millions of Sony's customers worldwide. Sony began bringing services partially back online May 15.
Google is urging all users — prominent or not — to improve their security by following a two-step verification process for signing into Gmail, which uses your cell phone to get a verification code and an application-specific password — not your regular password — to sign in. That two-step process "protected some accounts from this attack," Grosse said.
Among other tips from Google: