We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

More than E-mail at Stake in Google Gmail Attack

A hacked Gmail account unlocks way more than just e-mail for the attacker.

There is a lot of talk--and diplomatic tension--this week related to reports that attacks originating from China have breached Google Gmail accounts, including those of senior US government officials. The focus is on e-mail, and whether or not e-mail accounts were hacked, but a breached Gmail account is a much bigger prize than just the e-mail account it is attached to.

Google claims that the spear phishing attacks that targeted Gmail accounts of White House staff, and successfully exposed accounts of senior US government officials, high-ranking military personnel, and political activists, originated from China. China denies any state-sponsored involvement in the attacks, and the FBI is investigating.

The Gmail e-mail accounts are getting all of the attention. Catalin Cosoi, head of the BitDefender Online Threats Lab, notes in a blog post, "Just as in the previous attack against the Gmail service, we can assume that cyber-criminals went after sensitive documents the users might have inadvertently forwarded from their business inboxes."

But, it would be more accurate to say that Google accounts are being targeted or compromised--not just Gmail. Depending on the extent the hacked account relies on Google, there is potentially much more at stake than just the documents that might be forwarded as a file attachments from Gmail. There is no differentiation between hacking a Gmail account, and hacking the rest of the diverse array of Google services.

I am not saying that attackers can't glean valuable information from hacking the Gmail account itself--just that e-mail only scratches the surface of what is breached when an attacker compromises a Google account. With the Gmail username and password in hand, an attacker can log in to the victim's Google Calendar and find out where they're going to be, and when, based on the events and appointments it contains.

If the victim actually uses Google Docs, the attacker will have access to all documents, spreadsheets, presentations, forms, and drawings stored online by the victim--not just the ones that might have been included as a file attachment in an e-mail.

Accessing Google Maps could yield valuable information as well. Most users enter a home address as the default location to save time when searching for driving directions. That default location would be exposed to an attacker. If the victim has saved locations in My Maps--like a place of business, or frequently visited locations, those would all be available to the attacker as well.

It is up to Google, and China, and the FBI to get to the bottom of whether the compromised accounts are a state-sponsored act of international espionage, or just the work of run-of-the-mill spear phishing cyber-criminals. But, regardless of who is behind the attack, or what the underlying motives are, there is more than just e-mail at stake.

IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......