Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Saturday, November 16, 2013

My First State-Sponsored Attack

I thought I’d seen it all but today I was stunned by a warning from our friends at Google. This month I’m celebrating the 16th anniversary of my battle against spyware, adware, malware, viruses, Trojans, root kits, zero-day vulnerabilities and more. I’ve had my share of password surfers, phishing emails, denial of service attacks and cease and desist orders but today was a first.

The warning from Google said “We believe state-sponsored attackers may be attempting to compromise your account or computer.

It started with an Email to a GMail account I rarely use but is connected to many Google tools that I use. The subject line said
Suspicious sign in prevented

gmailhack0

I normally may have ignored this Email. I tend to be cautious of any official looking Email with links. When moving my over the links they appeared to be legitimate from Google but I still manually entered Gmail.com on another computer to change my password. That’s when Google displayed the banner warning me about a state-sponsored attack. 

gmailhack4

Apparently this happens so often that Google has a help page just for this situation. Clicking on the “Protect yourself now” link opened up a page with additional recommendations.


gmailhack2 
Click to view web page


This attack has been identified as “state-sponsored” but I doubt it’s really my first and probably won’t be my last.

I’ve taken appropriate steps to protect my account but I’m still curious about a few things. What in particular identifies this attack as state-sponsored? Even more important, which state is attacking me?

Share on Facebook


3 Comments:

Blogger Martin said...

Wow, thanks for the transparency report. About the state attacking you, judging from the IP, unless they used a proxy or a compromised computer, I guess that could be the USA... And the endgame might be to introduce some nasty stuff in a piece of software used by security-aware users. Could be worth signing your releases with your GPG key in the future to protect us in case they access your FTP and alter the binaries.
I'm quite curious too about the way they detect that the attack is state-sponsored, though.

2:34 AM  
Blogger JusJane said...

http://www.eweek.com/security/google-warning-of-more-state-sponsored-cyber-attacks/

hm. wonder if it'll post. I'm forgetting my html

6:16 PM  
Blogger George Bounacos said...

I've had these in the past, but with two-factor authentication, I'm not overly concerned. Or maybe I should be?

But yes, I would think that anything about you would be a cyberwar target, even your contact list for loose accounts there.

7:24 PM  

Post a Comment

<< Home