Google Says Gmail Hacking Likely From China

Suspected Chinese hackers tried to steal the passwords of hundreds of Google email account holders, including those of senior U.S. government officials, Chinese activists and journalists, the Internet company said.

The claim by the world's largest Web search engine sparked an angry response from Beijing, which said blaming China was "unacceptable", pointing to further tensions in an already strained relationship with Google.

The perpetrators appeared to originate from Jinan, the capital of China's eastern Shandong province, Google said. Jinan is home to one of six technical reconnaissance bureaus belonging to the People's Liberation Army and a technical college U.S. investigators last year linked to a previous attack on Google.

Washington said it was investigating Google's claims while the FBI said it was working with Google following the attacks -- the latest computer-based invasions directed at multinational companies that have raised global alarm about Internet security.

Andrew Davies of the Australian Strategic Policy Institute, an independent security and defence think tank, said governments needed to pay more attention to hacking no matter where it originated from.

"I think there has been a certain lack of appreciation of the looming threat around the world," Davies said.

"We've been in catch-up mode for the last couple of years and it's been hard to wake up western governments to the magnitude of the threat."

The hackers recently tried to crack and monitor email accounts by stealing passwords, but Google detected and "disrupted" their campaign, the company said on its official blog. Google said it had notified the victims.

The revelation comes more than a year after Google disclosed a cyberattack on its systems that it said it traced to China. Google partially pulled out of China, the world's largest Internet market by users, last year after a tussle with the government over censorship.

"We recently uncovered a campaign to collect user passwords, likely through phishing," Google said, referring to the practice where computer users are tricked into giving up sensitive information.

It "affected what seem to be the personal Gmail accounts of hundreds of users, including among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists."

A Washington-based security expert, Mila Parkour, first reported the Gmail attacks on her blog in February, saying they appeared to have started last year and were invasive.

China's Foreign Ministry said it "cannot accept" accusations hackers in China tried to break into hundreds of Gmail accounts.


Google did not say the Chinese government was behind the attacks or say what might have motivated them.

But a former U.S. government official who served in China said he was fairly sure the Chinese government was responsible. He said it was a sign of Beijing's fears that contagion from the Arab "jasmine" uprisings could spread to China.

"I'm fairly certain it's the Chinese government, and probably the PLA," the former official, who asked that his name not be used, told Reuters. "There's all kinds of Internet issues going on now in China, and I think it's largely driven by the Jasmine movement. China's very afraid of that."

The United States has warned that a cyberattack -- presumably if it is devastating enough -- could result in real-world military retaliation, although analysts say it could be difficult to detect its origin with full accuracy.

Lockheed Martin Corp , the U.S. government's top information technology provider, said last week it had thwarted "a significant and tenacious attack" on its information systems network, though the company and government officials have not yet said where they think the attack originated.

Cyberattacks originating in China have become common in recent years, said Bruce Schneier, chief security technology officer at telecommunications company BT.

"It's not just the Chinese government. It's independent actors within China who are working with the tacit approval of the government," he said.

White House spokesman Tommy Vietor said there was no reason to believe any U.S. government email accounts were accessed. An official at South Korea's presidential office said the Blue House had not been affected, but added they did not use Gmail for official business.


Technical reconnaissance bureaus, including the one in Jinan, oversee China's electronic eavesdropping, according to an October 2009 report by the U.S.-China Economic and Security Commission, a panel created by Congress to monitor potential national security issues related to U.S- China relations.

The bureaus "are likely focused on defense or exploitation of foreign networks", the commission report states.

Last year, U.S. investigators said there was evidence suggesting a link between the Lanxiang Vocational School in Jinan and the hacking attacks on Google and over 20 other firms, the New York Times reported. The school denied the report.

"Blaming these misdeeds on China is unacceptable," Chinese Foreign Ministry spokesman Hong Lei told a regular news briefing in Beijing.

"Hacking is an international problem and China is also a victim. The claims of so-called Chinese state support for hacking are completely fictitious and have ulterior motives."

The official Xinhua news agency said in a commentary that Google had provided "no solid proof" to support its claims.

China has said repeatedly it does not condone hacking, which remains a popular hobby in the country, with numerous websites offering cheap courses to learn the basics.

Three Chinese dissidents told Reuters their accounts had been infiltrated, although eight others who were contacted said they had no problems.

Google's security team on Thursday sent an email to dissident Jiang Qisheng, who was a student negotiator jailed for years for his role in the June 4, 1989 pro-democracy protests in Beijing's Tiananmen Square, that it "recently detected suspicious activity" on his account.

"The suspicious activity appears to have originated in China as an attempt to establish and maintain access to your account without your knowledge," said the email, which was forwarded to Reuters.

While Google said last year's attack was aimed at its corporate infrastructure, the latest incident appears to have relied on tricking email users into revealing passwords, based on Google's description in its blog post.

It said the perpetrators changed the victims' email forwarding settings, presumably secretly sending the victims' personal emails to other recipients.

In Parkour's blog, screenshots show a highly personalised message and a document for the recipient to download. The analyst managed to trace some of these examples back to the China Unicom Shandong province network in Jinan.

The events leading to Google's withdrawal from China exacerbated an often difficult relationship between Washington and Beijing, with disputes ranging from human rights to trade.

In January 2010, Google announced it was the target of a sophisticated cyberattack using malicious code dubbed "Aurora", which compromised the Gmail accounts of human rights activists and succeeded in accessing Google source code repositories.