Want CNET to notify you of price drops and the latest stories?

Google warns Gmail users about state-sponsored email hacking

If Google thinks a government is trying to sneak into your Gmail account -- well, now it'll let you know. And if you think this is another veiled snipe at China, you're not alone.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
3 min read
This is the warning that Google is displaying to Gmail accounts that it suspects may have been targeted by state-sponsored phishing and malware attacks.
The Google warning displayed to Gmail accounts that may have been targeted by state-sponsored phishing and malware attacks. Google

Google hasn't been shy about wagging its finger at China

recently. And in what appears to be another veiled snipe at Chinese authorities, the tech company says it is now warning users if state-sponsored phishing or malware attacks appear to have targeted their Gmail accounts.

"We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users' accounts unauthorized," Eric Grosse, vice president of security engineering at Google, wrote in a blog post today. "When we have specific intelligence -- either directly from users or from our own monitoring efforts -- we show clear warning signs and put in place extra roadblocks to thwart these bad actors."

In such cases, a notice will appear at the top of the Gmail page that says "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer."

If that warning appears, it doesn't mean the account was successfully hijacked. It just means that the account appears to have been a target, and that Google is urging the account holder to change the password and set up additional security precautions.

In addition to creating a strong password that combines lowercase and capital letters, numbers and punctuation marks, Gmail are advised to set up two-step verification that texts a one-time code to the account holder's phone to enable a login.

There are other general security measures that everyone should take, Google suggests. These include updating the browser, operating system, plugins, and document editors, and being wary of links in e-mails or on non-Google Web sites that ask for your Gmail password. The legitimate Google account log-in site will have this: https://accounts.google.com/ in the browser bar.

Google representatives don't usually go into details about what tips them off to computer attacks because they don't want to reveal to attackers what works and what doesn't work. And Grosse doesn't say how the company knows an attempted attack is coming from someone working on behalf of a national government. "Our detailed analysis -- as well as victim reports -- strongly suggest the involvement of states or groups that are state-sponsored," he writes.

Google didn't mention any specific countries that might be behind the attacks, but given its past warnings, China is likely one of the suspected culprits. Despite the fact that the use of proxy servers and other technologies make it difficult to trace attacks back to their source, Google was quick to blame China for a sophisticated attack on it and a host of other companies in early 2010.

In one attack, Google intellectual property was stolen and someone tried to access the Gmail accounts of Chinese human rights activists. Around the same time, someone used phishing or malware to get access to Gmail accounts of dozens of human rights advocates in the U.S., China and Europe, Google said.

A year ago, Google announced that it had detected and stopped phishing attacks from China on hundreds of Gmail accounts of U.S. and Asian government officials, as well as political activists, journalists and military personnel.