Google China e-mail hack: FBI to investigate

http://www.bbc.co.uk/go/rss/int/news/-/news/world-us-canada-13635912

Version 0 of 1.

The FBI is investigating "serious" claims that hackers in China breached e-mails of top US officials, Secretary of State Hillary Clinton has said.

On Wednesday, Google said a campaign to obtain passwords was aimed at monitoring e-mail, and originated in Jinan, a city in eastern China.

The Chinese government on Thursday denied it was involved.

US government agencies have said no official email accounts were hacked and have released no further information.

"These allegations are very serious. We take them seriously. We are looking into them," Secretary of State Clinton said.

In a statement on an <a href="http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+blogspot%2FMKuf+%28Official+Google+Blog%29&utm_content=Google+Feedfetcher" >official company blog</a> on Wednesday, Google said its security was not breached but indicated hundreds of individuals' passwords were obtained through fraud.

Chinese political activists and officials in other Asian countries were also targeted, Google said.

Foreign Ministry spokesman Hong Lei said China was working to crack down on global computer hacking, but he did not say whether the government would investigate Google's report.

Security experts say they are seeing an increase in these so-called spear phishing incidents in which attackers go after specific information or assets and aim at "high value individuals".

One consultant described it as an "epidemic", while another said such attacks are all too easy to perpetrate given the amount of information that lives on the internet about people - from their Twitter stream to their Facebook pages to sites that trace your family tree.

A smart attacker can assemble enough information to "influence and convince" a target that they are receiving a genuine email from someone they know.

"Allegations that the Chinese government supports hacking activities are completely unfounded and made with ulterior motives," Mr Hong said, according to the Reuters news agency.

The e-mail scam uses a practice known as "spear phishing" in which specific e-mail users are tricked into divulging their login credentials to a web page that resembles Google's Gmail web service (or which appears related to the target's work) but is in fact run by hackers, according to a <a href="http://contagiodump.blogspot.com/2011/02/targeted-attacks-against-personal.html#more" >an external blog report pointed to</a> by Google.

Having obtained the user's e-mail login and password, the hackers then tell Gmail's service to forward incoming e-mail to another account set up by the hacker.

In Washington, the BBC's Adam Brookes says it is extremely difficult for analysts to determine whether governments or individuals are responsible for such attacks.

But the fact that the victims were people with access to sensitive, even secret information, raises the possibility that this was cyber espionage, not cyber crime, our correspondent says.