Google: “State-sponsored attackers may be attempting to compromise your account”

Google has said that it will start to proactively warn internet users when it suspects that “state-sponsored attackers” have attempted to break into accounts.

In an official blog entry, Google explains how it will display the warning to users of Chrome, Gmail and its search engine when it believes they have been the target of state-sponsored attacks.

The message reads:

Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now

The obvious question to ask is: how does Google determine if an attack is state-sponsored or not? The problem of attribution has always been a significant one for those investigating cybercrime – as it’s often extremely difficult to tell the difference between a hack conducted under the orders of an army general and one perpetrated by a lone wolf in his back bedroom.

That’s a question which Google is reluctant to answer. From their blog entry:

You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.

That’s a shame. You can imagine how anyone who sees the warning from Google of a state-sponsored attack might well get the heebie-jeebies. If a little more light was shed as to why they were warning a particular user, it might be more helpful.

As Google points out, there’s more you can do than just having a hard-to-crack password. Even if hackers who broke into your Gmail account no longer know your password, there are still things they could have done *while* they had access to your email which will allow them to continue to monitor your communications.

For instance, it’s possible for someone to have tampered with your Gmail account to silently forward all messages that you receive to another account.

Gmail forwarding

Similarly, it’s a good idea to check that no-one has been unexpectedly authorised to read and send email from your account.

Gmail delegation
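The forwarding and delegation checks above can also be scripted. The following is an added example, not part of the original article: it reviews settings data assumed to be shaped like the Gmail API v1 `users.settings` responses (auto-forwarding, forwarding addresses, delegates, filters) and reports any address the account owner does not recognise. It goes slightly beyond the two settings shown by also checking filter rules that forward mail; the function name and sample data are constructed for illustration.

```python
def audit_mail_settings(auto_forwarding, forwarding_addresses, delegates,
                        filters, expected=frozenset()):
    """Return (kind, address) findings for addresses not in `expected`.
    Inputs are dicts shaped like Gmail API v1 users.settings responses."""
    expected = {a.lower() for a in expected}
    findings = []

    def flag(kind, address):
        if address and address.lower() not in expected:
            findings.append((kind, address.lower()))

    # Account-wide auto-forwarding: every incoming message is copied out.
    if auto_forwarding.get("enabled"):
        flag("auto-forwarding", auto_forwarding.get("emailAddress"))
    # Registered forwarding addresses, whether or not auto-forwarding is on.
    for entry in forwarding_addresses.get("forwardingAddresses", []):
        flag("forwarding-address", entry.get("forwardingEmail"))
    # Delegates can read and send mail without knowing the password.
    for entry in delegates.get("delegates", []):
        flag("delegate", entry.get("delegateEmail"))
    # Filters can forward selected mail; the API lists them under "filter".
    for rule in filters.get("filter", []):
        flag("filter-forward", rule.get("action", {}).get("forward"))
    return findings


# Constructed sample responses (not real account data).
SAMPLE = {
    "auto_forwarding": {"enabled": True, "emailAddress": "drop@mailbox.example",
                        "disposition": "leaveInInbox"},
    "forwarding_addresses": {"forwardingAddresses": [
        {"forwardingEmail": "drop@mailbox.example", "verificationStatus": "accepted"},
        {"forwardingEmail": "me@work.example", "verificationStatus": "accepted"}]},
    "delegates": {"delegates": [
        {"delegateEmail": "Helper@Other.example", "verificationStatus": "accepted"}]},
    "filters": {"filter": [
        {"id": "f1", "criteria": {"from": "bank.example"},
         "action": {"forward": "drop@mailbox.example"}},
        {"id": "f2", "criteria": {"query": "newsletter"},
         "action": {"addLabelIds": ["TRASH"]}}]},
}

if __name__ == "__main__":
    for kind, address in audit_mail_settings(**SAMPLE, expected={"me@work.example"}):
        print(f"REVIEW {kind}: {address}")
```

Pass every address you set up yourself in `expected`; anything still reported deserves a look in the Gmail settings pages shown above.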

And if you’re the sort of person who might be considered a target for a state-sponsored hacking attack, what are you doing using Gmail for your sensitive communications anyway? Shouldn’t you at the very least be using some form of two-factor authentication to better protect your account?

This isn’t, of course, the first time that Google has warned of state-sponsored attacks. Last year, it advised every Google user in Iran to check if their accounts had been hacked and – most famously – the company made headlines in early 2010, claiming that Chinese human rights activists had been targeted in an attack dubbed “Operation Aurora”.

Further reading: Check out my much more detailed article about “How to stop your Gmail account being hacked”.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.