Related Video

Google says Gmail hacking linked to China

11:32am EDT

1 / 2

A security personnel walks past the logo of Google in front of its former headquarters in Beijing June 2, 2011.

Credit: Reuters/Jason Lee

BEIJING/SAN FRANCISCO (Reuters) - Suspected Chinese hackers tried to steal the passwords of hundreds of Google email account holders, including those of senior U.S. government officials, Chinese activists and journalists, the Internet company said.

The claim by the world's largest Web search engine sparked an angry response from Beijing, which said blaming China was "unacceptable," pointing to further tensions in an already strained relationship with Google.

The perpetrators appeared to originate from Jinan, the capital of China's eastern Shandong province, Google said. Jinan is home to one of six technical reconnaissance bureaus belonging to the People's Liberation Army and a technical college U.S. investigators last year linked to a previous attack on Google.

Washington said it was investigating Google's claims while the FBI said it was working with Google following the attacks -- the latest computer-based invasions directed at multinational companies that have raised global alarm about Internet security.

Andrew Davies of the Australian Strategic Policy Institute, an independent security and defense think tank, said governments needed to pay more attention to hacking no matter where it originated from.

"I think there has been a certain lack of appreciation of the looming threat around the world," Davies said.

"We've been in catch-up mode for the last couple of years and it's been hard to wake up western governments to the magnitude of the threat."

The hackers recently tried to crack and monitor email accounts by stealing passwords, but Google detected and "disrupted" their campaign, the company said on its official blog. Google said it had notified the victims.

The revelation comes more than a year after Google disclosed a cyberattack on its systems that it said it traced to China. Google partially pulled out of China, the world's largest Internet market by users, last year after a tussle with the government over censorship.

"We recently uncovered a campaign to collect user passwords, likely through phishing," Google said, referring to the practice where computer users are tricked into giving up sensitive information.

It "affected what seem to be the personal Gmail accounts of hundreds of users, including among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists."

A Washington-based security expert, Mila Parkour, first reported the Gmail attacks on her blog in February, saying they appeared to have started last year and were invasive.

China's Foreign Ministry said it "cannot accept" accusations hackers in China tried to break into hundreds of Gmail accounts.

U.S. WARNING

Google did not say the Chinese government was behind the attacks or say what might have motivated them.

But a former U.S. government official who served in China said he was fairly sure the Chinese government was responsible. He said it was a sign of Beijing's fears that contagion from the Arab "jasmine" uprisings could spread to China.

"I'm fairly certain it's the Chinese government, and probably the PLA," the former official, who asked that his name not be used, told Reuters.

"There's all kinds of Internet issues going on now in China, and I think it's largely driven by the Jasmine movement. China's very afraid of that."

The United States has warned that a cyberattack -- presumably if it is devastating enough -- could result in real-world military retaliation, although analysts say it could be difficult to detect its origin with full accuracy.

Lockheed Martin Corp, the U.S. government's top information technology provider, said last week it had thwarted "a significant and tenacious attack" on its information systems network, though the company and government officials have not yet said where they think the attack originated.

Cyberattacks originating in China have become common in recent years, said Bruce Schneier, chief security technology officer at telecommunications company BT.

"It's not just the Chinese government. It's independent actors within China who are working with the tacit approval of the government," he said.

White House spokesman Tommy Vietor said there was no reason to believe any U.S. government email accounts were accessed. An official at South Korea's presidential office said the Blue House had not been affected, but added they did not use Gmail for official business.

ELECTRONIC EAVESDROPPING

Technical reconnaissance bureaus, including the one in Jinan, oversee China's electronic eavesdropping, according to an October 2009 report by the U.S.-China Economic and Security Commission, a panel created by Congress to monitor potential national security issues related to U.S- China relations.

The bureaus "are likely focused on defense or exploitation of foreign networks," the commission report states.

Last year, U.S. investigators said there was evidence suggesting a link between the Lanxiang Vocational School in Jinan and the hacking attacks on Google and over 20 other firms, the New York Times reported. The school denied the report.

"Blaming these misdeeds on China is unacceptable," Chinese Foreign Ministry spokesman Hong Lei told a regular news briefing in Beijing.

"Hacking is an international problem and China is also a victim. The claims of so-called Chinese state support for hacking are completely fictitious and have ulterior motives."

The official Xinhua news agency said in a commentary that Google had provided "no solid proof" to support its claims.

China has said repeatedly it does not condone hacking, which remains a popular hobby in the country, with numerous websites offering cheap courses to learn the basics.

Three Chinese dissidents told Reuters their accounts had been infiltrated, although eight others who were contacted said they had no problems.

Google's security team on Thursday sent an email to dissident Jiang Qisheng, who was a student negotiator jailed for years for his role in the June 4, 1989 pro-democracy protests in Beijing's Tiananmen Square, that it "recently detected suspicious activity" on his account.

"The suspicious activity appears to have originated in China as an attempt to establish and maintain access to your account without your knowledge," said the email, which was forwarded to Reuters.

While Google said last year's attack was aimed at its corporate infrastructure, the latest incident appears to have relied on tricking email users into revealing passwords, based on Google's description in its blog post.

It said the perpetrators changed the victims' email forwarding settings, presumably secretly sending the victims' personal emails to other recipients.

In Parkour's blog, screenshots show a highly personalized message and a document for the recipient to download. The analyst managed to trace some of these examples back to the China Unicom Shandong province network in Jinan.

The events leading to Google's withdrawal from China exacerbated an often difficult relationship between Washington and Beijing, with disputes ranging from human rights to trade.

In January 2010, Google announced it was the target of a sophisticated cyberattack using malicious code dubbed "Aurora," which compromised the Gmail accounts of human rights activists and succeeded in accessing Google source code repositories.

The company, and subsequent public reports, blamed the attack on the Chinese government.

"We'll certainly see more of this in the future, as Chinese hackers -- independent and otherwise -- target Google because of its global popularity and its decision to defy the Chinese government on censorship, which some hackers will misconstrue as being anti-Chinese," said Michael Clendenin, managing director of RedTech Advisors, a technology consulting firm.

Google has lost share to rival Baidu Inc in China's Internet market, the world's largest with more than 450 million users. Google's shares finished 0.7 percent lower at $525.60.

(Additional reporting by Alister Bull in Washington D.C, Jeremy Laurence in Seoul, Benjamin Kang Lim, Chris Buckley, Michael Martina, Ben Blanchard and Sabrina Mao in Beijing, Melanie Lee in Shanghai and Rob Taylor in Canberra; Editing by Andre Grenon, Phil Berlowitz and Dean Yates)

original content on reuters

Howard Stringer, chief executive and president of Sony Corporation, speaks at a function to launch the Sony Media Technology Centre at a film school on the outskirts of Mumbai March 4, 2011.

Credit: Reuters/Danish Siddiqui

WASHINGTON/BOSTON (Reuters) - Sony Corp blamed Internet vigilante group Anonymous for indirectly allowing a hacker to gain access to personal data of more than 100 million video game users.

The accusation came in a letter to Congress and prompted renewed complaints that the Japanese electronics giant's disclosure had been inadequate and tardy.

The company said it waited two days after first discovering data was stolen from its PlayStation video game network before contacting law enforcement, and did not meet with FBI officials until five days later.

"Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack," Kazuo Hirai, chairman of the board of Sony Computer Entertainment America, said in a letter to the U.S. Congress.

The theft prompted the U.S. Justice Department and Federal Bureau of Investigation to open an investigation, officials said on Wednesday.

"It is something we are taking extremely seriously," said U.S. Attorney General Eric Holder.

He said the government is also probing the theft of reams of email addresses and names that Alliance Data Systems Corp's Epsilon marketing unit discovered last month.

New York Attorney General Eric Schneiderman has subpoenaed Sony entities over the breaches.

Schneiderman subpoenaed Sony for conversations and documents that related to its security systems and any representations about those systems made to consumers, said a source familiar with the issue. A Schneiderman spokesman declined comment.

GOOD ENOUGH?

Wedbush Securities analyst Michael Pachter said Sony's public disclosures have not been sufficient to quell customer concerns about the theft.

He would like to see Sony notify each of the 12.3 million customers whose credit data may have been stolen.

"Sony needs to make a statement to consumers: 'You will not be harmed, and we will indemnify you against any harm,' And they just have not done that in any of their apologies."

Sony said that its video game network was breached at the same time it was defending itself against a major denial-of-service attack by a group calling itself Anonymous. A denial-of-service attacks makes a server or system unavailable by overwhelming its network with internet traffic.

Anonymous is the name of a grass-roots cyber group that in December launched attacks that temporarily shut down the sites of MasterCard Inc and Visa Inc using simple software tools available for free over the Internet.

The group attacked the two credit card companies with denial-of-service attacks that overwhelmed their servers for blocking payments to WikiLeaks.

Sony said on Wednesday that Anonymous targeted it several weeks ago using a denial-of-service attack in protest of Sony defending itself against a hacker in federal court in San Francisco.

The attack that stole the personal data of millions of Sony customers was launched separately, while the company was distracted protecting itself against the denial-of-service campaign, Sony said.

The company said it was not sure whether the organizers of the two attacks were working together.

Sony did say that its PC gaming unit, Sony Online Entertainment, discovered last Sunday a file planted on a server that was named "Anonymous" and had the words "We are legion," in it. But the self-styled vigilantes denied involvement in the data theft.

They released a statement via YouTube last month saying that while the group's organizers had not stolen the data, it was possible some members of the group were involved in the matter. (bit.ly/mG3WvT)

Members of Anonymous involved in the denial-of-service campaign may have decided to seize the opportunity to steal the data while Sony was distracted protecting its network, said Jeff Moss, chief security officer for the Internet Corporation for Assigned Names and Numbers, or ICANN.

'HALF-BAKED' RESPONSE

The company noticed unauthorized activity on its network on April 19, and discovered that data had been transferred off the network the next day. It waited until April 22 to notify the FBI.

Sony chose to disclose the latest details of the attacks in a letter to the U.S. House Energy and Commerce subcommittee on commerce, manufacturing and trade rather than testify in a hearing on cyber attacks that was held on Wednesday.

Lawmakers expressed disappointment that Sony and Epsilon declined to appear at the hearing and pledged a bill that would require companies to do a better job of safeguarding their customers' data and to quickly disclose to customers when their data was lost.

Subcommittee Chairwoman Mary Bono Mack noted with dismay that Sony first disclosed the breach on a blog.

"Sony put the burden on consumers to search for information, instead of accepting the burden of notifying them," she said. "If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future."

(Additional reporting by Liana B. Baker and Joan Gralla in New York; Editing by Maureen Bavdek, Gerald E. McCormick and Steve Orlofsky)

original content on reuters

(AFP/Getty Images/File) - A person walks along Wall Street in the financial district in New York. A corporate attorney and a Wall Street trader used insider information to earn millions dealing in the stocks of some of the biggest tech-sector M&A deals in the past five years, the government said Wednesday.(AFP/Getty Images/File/Spencer Platt)

original content on yahoo

original content on yahoo