BEIJING/SAN FRANCISCO (Reuters) - Suspected Chinese hackers tried to steal the passwords of hundreds of Google email account holders, including those of senior U.S. government officials, Chinese activists and journalists, the Internet company said.
The perpetrators appeared to originate from Jinan, the capital of China’s eastern Shandong province, Google said. Jinan is home to one of six technical reconnaissance bureaus belonging to the People’s Liberation Army and a technical college that U.S. investigators last year linked to a previous attack on Google.
Washington said it was investigating Google’s claims while the FBI said it was working with Google following the attacks — the latest computer-based invasions directed at multinational companies that have raised global alarm about Internet security.
The hackers recently tried to crack and monitor email accounts by stealing passwords, but Google detected and “disrupted” their campaign, the world’s largest Web search company said on its official blog.
The revelation comes more than a year after Google disclosed a cyberattack on its systems that it said it traced to China, and could further strain an already tense relationship between the Web giant and Beijing.
Google partially pulled out of China, the world’s largest Internet market by users, last year after a tussle with the government over censorship and a serious hacking episode.
“We recently uncovered a campaign to collect user passwords, likely through phishing,” Google said, referring to the practice where computer users are tricked into giving up sensitive information.
“The goal of this effort seems to have been to monitor the contents of these users’ emails.”
It “affected what seem to be the personal Gmail accounts of hundreds of users, including among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”
Google did not say the Chinese government was behind the attacks or say what might have motivated them.
But cyberattacks originating in China have become common in recent years, said Bruce Schneier, chief security technology officer at telecommunications company BT.
“It’s not just the Chinese government. It’s independent actors within China who are working with the tacit approval of the government,” he said.
The United States has warned that a cyberattack — presumably if it is devastating enough — could result in real-world military retaliation, although analysts say it could be difficult to detect its origin with full accuracy.
Lockheed Martin Corp, the U.S. government’s top information technology provider, said last week it had thwarted “a significant and tenacious attack” on its information systems network, though the company and government officials have not yet said where they think the attack originated.
“We have no reason to believe that any official U.S. government email accounts were accessed,” said White House spokesman Tommy Vietor.
A spokesman at South Korea’s presidential office said the Blue House had not been affected, but added they did not use Gmail. South Korea’s Ministry of Strategy and Finance said it had warned all staff “not to use, send or receive any official information through private emails such as Gmail.”
Technical reconnaissance bureaus, including the one in Jinan, oversee China’s electronic eavesdropping, according to an October 2009 report by the U.S.-China Economic and Security Commission, a panel created by Congress to monitor potential national security issues related to U.S- China relations.
The bureaus “are likely focused on defense or exploitation of foreign networks”, the commission report states.
Last year, U.S. investigators said there was evidence suggesting a link between the Lanxiang Vocational School in Jinan and the hacking attacks on Google and over 20 other firms, the New York Times reported. The school denied the report.
China’s foreign ministry and its state council information office did not respond to faxed inquiries.
China has said repeatedly it does not condone hacking, which remains a popular hobby in the country, with numerous websites offering cheap courses to learn the basics.
Three Chinese dissidents told Reuters their accounts had been infiltrated, although eight others who were contacted said they had had no problems.
Google’s security team on Thursday sent an email to dissident Jiang Qisheng, who was a student negotiator jailed for years for his role in the June 4, 1989 pro-democracy protests in Beijing’s Tiananmen Square, that it “recently detected suspicious activity” on his account.
“The suspicious activity appears to have originated in China as an attempt to establish and maintain access to your account without your knowledge,” said the email, which was forwarded to Reuters.
Cui Weiping, a professor at the Beijing Film Academy who has called for ending the official silence about the Tiananmen crackdown, said she could not open her Gmail account this morning and believed it had been hacked into.
“My Gmail account is suddenly inaccessible, because my password has been changed by someone and then I can’t open it,” she said.
While Google said last year’s attack was aimed at its corporate infrastructure, the latest incident appears to have relied on tricking email users into revealing passwords, based on Google’s description in its blog post.
It said the perpetrators changed the victims’ email forwarding settings, presumably secretly sending the victims’ personal emails to other recipients.
“Yesterday, when I opened my inbox, there was a prompt telling me to enter my personal information for safety purposes and to change my password and to fill in a forwarding email address. I ignored it,” said a Chinese activist, who declined to be identified, in emailed comments.
The events leading to Google’s withdrawal from China exacerbated an often difficult relationship between Washington and Beijing, with disputes ranging from human rights to trade.
In January 2010, Google announced it was the target of a sophisticated cyberattack using malicious code dubbed “Aurora”, which compromised the Gmail accounts of human rights activists and succeeded in accessing Google source code repositories.
The company, and subsequent public reports, blamed the attack on the Chinese government.
“We’ll certainly see more of this in the future, as Chinese hackers — independent and otherwise — target Google because of its global popularity and its decision to defy the Chinese government on censorship, which some hackers will misconstrue as being anti-Chinese,” said Michael Clendenin, managing director of RedTech Advisors, a technology consulting firm.
Google has lost share to rival Baidu Inc in China’s Internet market, the world’s largest with more than 450 million users.
“Investors would like to see Google figure out a way to operate in China, and capitalize on the growth of the country,” said Cowen and Co analyst Jim Friedland.
“It’s been a tough relationship. And this highlights that it continues to be a tough relationship,” he said.
Google said it had notified the victims and relevant governments in the recent attacks.
“It’s important to stress that our internal systems have not been affected — these account hijackings were not the result of a security problem with Gmail itself,” Google said.
The company’s shares finished 0.7 percent lower at $525.60.
Additional reporting by Alister Bull in Washington D.C, Jeremy Laurence in Seoul, Benjamin Kang Lim, Chris Buckley and Michael Martina in Beijing,; Editing by Andre Grenon, Phil Berlowitz and Dean Yates