Google reveals Gmail hacking, likely from China


People use computers in an Internet cafe at the centre of Shanghai January 13, 2010. REUTERS/Nir Elias

People use computers in an Internet cafe at the centre of Shanghai January 13, 2010.

Credit: Reuters/Nir Elias

Related Topics

SAN FRANCISCO/LOS ANGELES (Reuters) - Hackers likely based in China tried to break into hundreds of Google mail accounts, including those of senior U.S. government officials, Chinese activists and journalists, the Internet company said on Wednesday.

The unknown perpetrators, who appeared to originate from Jinan in Shandong province, recently tried to crack and monitor email accounts by stealing passwords, but Google detected and "disrupted" their campaign, the world's largest Web search company said on its official blog.

The revelation comes more than a year after Google disclosed a cyber attack on its systems that it said it traced to China, and could further strain an already tense relationship between the Web giant and Beijing.

That incident also triggered a highly charged debate over the country's censorship and rigid control of the Internet. Google eventually all but pulled out of the world's largest Internet market by users.

"Investors would like to see Google figure out a way to operate in China, and capitalize on the growth of the country," said Cowen and Co analyst Jim Friedland.

"It's been a tough relationship. And this highlights that it continues to be a tough relationship," he said.

A U.S. government spokesman said it was looking into the incident but declined further comment.

"We recently uncovered a campaign to collect user passwords, likely through phishing," Google said in a post on its corporate blog on Thursday. "The goal of this effort seems to have been to monitor the contents of these users' emails."

It "affected what seem to be the personal Gmail accounts of hundreds of users, including among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists."


The events leading to Goggle's withdrawal from China exacerbated an often difficult relationship between Washington and Beijing, with disputes ranging from human rights to trade.

The attacks revealed Wednesday were also the latest computer-based invasions directed at western companies. The United States has warned that a cyber attack -- presumably if it is devastating enough -- could result in real-world military retaliation, although analysts say it could be difficult to detect its origin with full accuracy.

Lockheed Martin Corp, the U.S. government's top information technology provider, said last week it had thwarted "a significant and tenacious attack" on its information systems network, though no signs pointed to a Chinese origin.

The White House said it was investigating the claims, but referred Reuters to law enforcement.

"We're looking into these reports and are seeking to gather the facts," said White House spokesman Tommy Vietor. "We have no reason to believe that any official U.S. Government email accounts were accessed. I'd refer you to FBI for additional details."

FBI spokeswoman Jenny Shearer said: "We are aware of Google's announcement regarding attempts to obtain passwords and gain access to these accounts. We are working with Google to review this matter."

Cyber attacks originating in China have become very common in recent years, said Bruce Schneier, chief security technology officer at telecommunications company BT.

"It's not just the Chinese government. It's independent actors within China who are working with the tacit approval of the government," he said.

While Google said last year's attack was aimed at its "corporate infrastructure," the latest incident appears to have relied on tricking email users into revealing passwords, based on Google's description in its blog post.

It said the perpetrators changed the victims' email forwarding settings, presumably secretly sending the victims' personal emails to other recipients.

Schneier said the details that Google has released about the email hijacking do not appear that unusual.

"For the past five years we've known that the Chinese conduct a lot of espionage over the Internet," he said.

The bigger question, he said, was why Google was choosing to publicize this attack now.

The company said it notified the victims and relevant governments.

"It's important to stress that our internal systems have not been affected -- these account hijackings were not the result of a security problem with Gmail itself," Google said.

The company's shares finished 0.7 percent lower at $525.60.

(Reporting by Alexei Oreskovic and Edwin Chan; additional reporting by Alister Bull in Washington D.C; Editing by Andre Grenon, Phil Berlowitz)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see
Comments (2)
ChangeWhat wrote:
Why not disconnect china from the rest of the world? Let them have their own internet based in china then maybe their government will stop playing games. Everyone knows its china, do they really think their fooling someone??

Jun 01, 2011 6:30pm EDT  --  Report as abuse
iwritedoper wrote:
Why not make it law to be part of the trusted identity initiative from the White House? I can’t wait to give all my information to only one center so that I don’t have to create accounts everywhere and remember passwords and risk getting hacked.

Jun 01, 2011 8:04pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.