Google Search, Gmail, and Chrome Face State-Sponsored Attack Threats Again

By | Oct 10, 2012

Earlier this year in June, Google posted a statement visible to many users of its Google search, Gmail, and Chrome browser. Part of the unusual statement read: "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer."

According to the New York Times, Mike Wiacek from Google's security team said that since Google started alerting users to state-sponsored threats three months ago, the company has collected intelligence information on the attack methods and the responsible groups behind them. Wiacek said Google was now using the information from this intelligence to warn thousands of users who might be vulnerable to the attacks.

On October 2, many users of Google search, Gmail, and Chrome in the U.S. started to report seeing the warning message. Several people expressed their confusion on Twitter, including prominent journalist and editor at Wired, Noah Schactman who sent out a tweet about the warning message.

Google says it is seeing a spike in state-sponsored attacks from the Middle East but declined to mention specific countries of origin. If this information is accurate, it would support recent trends of similar threats coming from Middle Eastern countries most notably Qatar, Bahrain, the UAE, and Iran, which is suspected to also use spyware for monitoring its own nationals abroad.

Midsize IT and the Unusual Problem of Cyber Terrorism

The recent hacking experience by major U.S. banks seems to follow this disturbing trend of cyber terrorism from the Middle East. The difference, however, is that typically, state-sponsored threats usually directly target large enterprises and government agencies while in this case individual consumer accounts seem to be the focus.

To save money on in-house IT infrastructure, thousands of midsize firms use business application and cloud services from vendors like Google. Now that these threats are also focusing on individual accounts through a big vendor like Google, it is far easier for the hackers to attack thousands of small and midsize businesses using Google services, as opposed to directly attacking only a few large companies.

For midsize IT this raises concerns about third-party applications and cloud services, even those provided by well-established vendors like Google. While the use of third-party applications is almost unavoidable for midsize businesses in this day and age, absolute faith in the security of popular vendor services is a grave mistake.

Regardless of what third-party applications are used, midsize IT is ultimately responsible for IT security at a firm. The spate of cyber terrorism targeting businesses and the globalized nature of the business environment today means that, more than ever, midsize IT will be called upon to tackle complex security issues like those emanating from the other side of the globe.

This trend serves as a reminder to midsize IT managers that in the name of cost-savings, third-party applications should never replace in-house platforms used for sensitive processes. Firms must always maintain control over sensitive information and processes for as long as is feasible.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Security & Resiliency

IBM's IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic

Privacy Lessons from Snapchat

By Rebecca Herold on Jun 5, 2014
There are many new small and mid-size business start-ups who are offering a wide range of online services, mobile apps, and smart devices. There are also many businesses that have been around a long time that see an opportunity and ...

10 Big Data Analytics Privacy Problems

By Rebecca Herold on Jun 30, 2014
10 Big Data Analytics Privacy Problems Big data analytics are being used more widely every day for an even wider number of reasons. These new methods of applying analytics certainly can bring innovative improvements for business. For example, retail businesses ...