SAN FRANCISCO/LOS ANGELES (Reuters) - Hackers likely based in China tried to break into hundreds of Google mail accounts, including those of senior U.S. government officials, Chinese activists and journalists, the Internet company said on Wednesday.
The unknown perpetrators, who appeared to originate from Jinan in Shandong province, recently tried to crack and monitor email accounts by stealing passwords, but Google detected and “disrupted” their campaign, the world’s largest Web search company said on its official blog.
The revelation comes more than a year after Google disclosed a cyber attack on its systems that it said it traced to China, and could further strain an already tense relationship between the Web giant and Beijing.
That incident also triggered a highly charged debate over the country’s censorship and rigid control of the Internet. Google eventually all but pulled out of the world’s largest Internet market by users.
“Investors would like to see Google figure out a way to operate in China, and capitalize on the growth of the country,” said Cowen and Co analyst Jim Friedland.
“It’s been a tough relationship. And this highlights that it continues to be a tough relationship,” he said.
A U.S. government spokesman said it was looking into the incident but declined further comment.
“We recently uncovered a campaign to collect user passwords, likely through phishing,” Google said in a post on its corporate blog on Thursday. “The goal of this effort seems to have been to monitor the contents of these users’ emails.”
It “affected what seem to be the personal Gmail accounts of hundreds of users, including among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”
The events leading to Goggle’s withdrawal from China exacerbated an often difficult relationship between Washington and Beijing, with disputes ranging from human rights to trade.
The attacks revealed Wednesday were also the latest computer-based invasions directed at western companies. The United States has warned that a cyber attack — presumably if it is devastating enough — could result in real-world military retaliation, although analysts say it could be difficult to detect its origin with full accuracy.
Lockheed Martin Corp, the U.S. government’s top information technology provider, said last week it had thwarted “a significant and tenacious attack” on its information systems network, though no signs pointed to a Chinese origin.
The White House said it was investigating the claims, but referred Reuters to law enforcement.
“We’re looking into these reports and are seeking to gather the facts,” said White House spokesman Tommy Vietor. “We have no reason to believe that any official U.S. Government email accounts were accessed. I’d refer you to FBI for additional details.”
FBI spokeswoman Jenny Shearer said: “We are aware of Google’s announcement regarding attempts to obtain passwords and gain access to these accounts. We are working with Google to review this matter.”
Cyber attacks originating in China have become very common in recent years, said Bruce Schneier, chief security technology officer at telecommunications company BT.
“It’s not just the Chinese government. It’s independent actors within China who are working with the tacit approval of the government,” he said.
While Google said last year’s attack was aimed at its “corporate infrastructure,” the latest incident appears to have relied on tricking email users into revealing passwords, based on Google’s description in its blog post.
It said the perpetrators changed the victims’ email forwarding settings, presumably secretly sending the victims’ personal emails to other recipients.
Schneier said the details that Google has released about the email hijacking do not appear that unusual.
“For the past five years we’ve known that the Chinese conduct a lot of espionage over the Internet,” he said.
The bigger question, he said, was why Google was choosing to publicize this attack now.
The company said it notified the victims and relevant governments.
“It’s important to stress that our internal systems have not been affected — these account hijackings were not the result of a security problem with Gmail itself,” Google said.
The company’s shares finished 0.7 percent lower at $525.60.
Reporting by Alexei Oreskovic and Edwin Chan; additional reporting by Alister Bull in Washington D.C; Editing by Andre Grenon, Phil Berlowitz