Senior American officials were among hundreds of people who had their Gmail accounts broken into by Chinese identity thieves, Google announced today (June 1).
"We recently uncovered a campaign to collect user passwords, likely through phishing," Google security specialist Eric Grosse said in the third paragraph of what at first seemed to be a dull blog posting.
"This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists," Grosse continued.
Jinan is the capital of Shandong Province in north-central China.
Grosse went on to say, "The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change people's forwarding and delegation settings."
According to the posting, Gmail permits users to both automatically forward email and give others access to their accounts.
"Google detected and has disrupted this campaign to take users' passwords and monitor their emails," Grosse said. "We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."
[The spear-phishing attempts were first described in great detail, but not widely noticed, on a security blog in February.]
For the past few years, Western government, military and defense-industry networks have been under increasing attack by skilled, sophisticated hackers who most experts agree are working for or with the Chinese government.
Previous suspected Chinese network-penetration targets have included dozens of Fortune 500 and Silicon Valley companies, the French and British treasuries, the European Union, major energy companies and the 2008 presidential campaigns of John McCain and Barack Obama.
In many cases, entry was gained using a "spear phishing" scheme that deceived specific individuals with what appeared to be insider information, and the stolen data was secret government, financial or military information.
Security experts have come up with a name for this sort of intrusion: an "advanced persistent threat," so named because the intruders are patient, smart and tireless.
Just last week, a Chinese military spokesman revealed the existence of a long-suspected cyberwarfare unit within the People's Liberation Army.
Information was leaked today that the U.S. military would consider certain cyberattacks acts of war worthy of physical response.
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks," an unnamed official said as he explained the soon-to-be-released Pentagon policy to the Wall Street Journal.