what to do if google warns of statesponsored attack
Last Updated : GMT 06:49:16
Arab Today, arab today
Arab Today, arab today
Last Updated : GMT 06:49:16
Arab Today, arab today

What to do if Google warns of state-sponsored attack

Arab Today, arab today

Arab Today, arab today What to do if Google warns of state-sponsored attack

New York - Arabstoday

Some journalists continue to receive the warning from Google about state-sponsored attacks that we mentioned last week. The message appears on top of logged-in services like Gmail. Occasionally it will disappear for a few hours and then reappear, but there is no way to remove it. The warning can be disturbing, especially as the company does not provide much information, such as why it suspects such an origin for a hacking attack. Instead, it gives a link to its support pages explaining some general ways to increase the security of your Google account. Faced with the news that an entire nation-state is apparently intent on hacking your computer, taking care to not open strange email attachments and watching a video about strong passwords may hardly seem sufficient. What follows is a little more explanation, based on CPJ's experiences with journalist information security, about what Google may be seeing, and how you might defend yourself. What does a state-sponsored attack look like?In Syria, citizen reporters get sent fake video messages on Skype with malicious software attached. Hong Kong websites used by reporters are hacked and dangerous payloads inserted so that they might be downloaded by unsuspecting visitors. These attacks may be orchestrated by states, but the techniques are similar to those used by petty Internet criminals, who attempt to take control of Internet users' computers via mass fraudulent emails ("phishing") or constructing fake websites masquerading as legitimate. The difference between suspected state-sponsored cybercrime and this constant background cybercrime is not the sophistication or success of the attacks, but the targets. Some attacks are aimed at a small list of notable users--say, Tibetan activists, foreign correspondents in Shanghai, and Western diplomats; Iranian government officials and nuclear equipment engineers--rather than the scattergun lists of millions that most commercial cybercrime exploit. Google's warnings appear to be based on their systems for detecting run-of-the-mill cyberattacks. The company says, "...our detailed analysis--as well as victim reports--strongly suggest the involvement of states or groups that are state-sponsored" and warns users against fake websites and attachments in emails. Given this, our best guess is that Google is deducing a state attack partly because of who is being targeted. While the targeting is narrower than with phishing mails that are spammed to millions of addresses, these state-sponsored attacks are still being launched against hundreds or thousands rather than dozens of users. We've heard many reports of these warning signs. If your Google account is flagged, it's probably because you've ended up on some fairly large target list. Internet self-defense In terms of defending yourself, it doesn't really matter whether these attacks are state-sponsored or not. The tactics of the attacker remain the same: repeated attempts to guess passwords and psychological tricks to fool users into entering their passwords on fake websites or opening dangerous attachments. Everyday computer security advice, such as Google's, is just as valid against a group of opportunistic state-led hackers aiming at independent journalists or activists as it is against a group targeting the average consumer. One of the best ways you can defend against all of these attacks is to choose a stronger password. Another is to regularly update your computers' software to protect against security flaws. Finally, a specific technique against these attacks on Google's services is to use two-step verification. Two step verification means that when you log in with your password, Google will double-check to ensure that you are who you say you are. It will text you an additional password to enter, or ask you for a number that only you know, produced by a local app on your mobile phone. Google's info page on the attacks encourages all of these strategies. The future State-sponsored attacks can also be indicated by the unique resources exploited by the attacker. In the case of the "Flame" malware, which is suspected of being developed by a major Western power, the malicious software is unusually complex, and includes techniques that appear to have come from detailed mathematical research. In Iran and Tunisia, the governments used their control of the local telecommunications systems in attacks against domestic users' privacy. In these cases, governments are not just using the strategies of petty Internet criminals. They are marshaling their unique state-owned resources against individuals. There's no indication that Google is detecting such heavyweight attacks; its advice would be very different if it were. But those who have received its warning message may face such attacks in the future. If and when this happens, standard consumer advice may not be enough. To give a concrete example: hackers have already bypassed two-factor authentication systems by simultaneously obtaining the standard password, then taking control of the victim's phone line as well. State-sponsored attackers with access to the mobile phone network could, of course, do the same. Journalists we spoke to were already aware of these risks. Some who had received Google's warning were concerned that Google's two-factor authentication required them to give Google their mobile phone number online, and refused to do so. (While Google does oblige you to enter your phone number in their two-factor setup procedure, you can remove the number after setup, if you set your smartphone to generate its own passwords locally.) These reporters' caution is understandable. As we say in CPJ's Journalist Security Guide, your best defense is your professional knowledge of potential attackers. Google's general warning about state attacks is a useful clue as to who may be interested in you, and for now, the company's security advice is good. But it's always worth thinking about the specifics of your own situation, and taking extra precautions. While Google and other "cloud" services would never instruct you to do so, you may wish to delete confidential data held in online accounts, or even close down a targeted account entirely. You also might want to compartmentalize data by keeping it offline, or use separate accounts on separate computers. Think about how the attacker might have obtained enough information to target your account. Do they just know your email address? Have your colleagues been similarly targeted? Discuss with others what you've learned, and share advice. Above all, don't feel too singled out. There are a lot of people seeing Google's warning. If you haven't already considered that you are attracting the attention of the local authorities, it's a useful new indication. But most journalists already know they are on a government list. Google's warning should remind us to do online what good journalists have always done: be careful about what you say, and what information you keep or hand out to third parties--including services like Google. CPJ.

arabstoday
arabstoday

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

what to do if google warns of statesponsored attack what to do if google warns of statesponsored attack

 



Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

what to do if google warns of statesponsored attack what to do if google warns of statesponsored attack

 



GMT 10:59 2018 Friday ,07 December

Houthi militia shell commercial center in Hodeidah

GMT 21:12 2017 Sunday ,10 December

UAE, Sri Lanka advancing bilateral relations

GMT 19:21 2017 Wednesday ,08 November

Iqbal Day marked in Paris

GMT 18:14 2017 Wednesday ,31 May

A handbag? For $380k, it's yours

GMT 21:17 2017 Saturday ,21 October

EU summit to throw Britain a Brexit bone

GMT 15:45 2017 Friday ,04 August

Yemeni army liberated more areas in Shabwa

GMT 20:23 2017 Thursday ,14 September

Paul Auster tops shortlist for Man Booker prize

GMT 09:55 2017 Tuesday ,14 November

Horford leads way as Celtics win 12th straight

GMT 20:04 2018 Sunday ,02 September

Drive to teach food safety to housewives

GMT 08:54 2014 Monday ,17 November

German artist hits back at Bayreuth Festival

GMT 13:15 2018 Wednesday ,17 January

Bassil welcomes Ambassadors of Iraq, Hungary

GMT 01:05 2017 Thursday ,23 March

Strawberry prices fall to Dh10 a kilogram
Arab Today, arab today
 
 Arab Today Facebook,arab today facebook  Arab Today Twitter,arab today twitter Arab Today Rss,arab today rss  Arab Today Youtube,arab today youtube  Arab Today Youtube,arab today youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©

arabstoday arabstoday arabstoday arabstoday
arabstoday arabstoday arabstoday
arabstoday
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
arabstoday, Arabstoday, Arabstoday