Last night Google (news, site) announced that it had been the victim of a phishing attack originating in China. Although software security was not breached, according to Google, human hacking allowed attackers to obtain personal e-mail accounts of hundreds of US officials, military personnel and journalists.
Compromising people can be just as effective, if not more effective since there may not be a trail of evidence. Human hacking can come in many forms from tricking users to install malware and monitoring usage to phishing, which was used in the Google attack.
Phishing involves tricking a user into disclosing private information such as a password. Google indicated it discovered and stopped the attack to obtain passwords, and use them to monitor email by forwarding a copy to another address. Google stated,
"We have notified victims and secured their accounts. In addition, we have notified relevant government authorities."
U.S. officials are investigating, but believe only personal official government accounts were breached. However, since users frequently share content between work and home, it is possible that official content was inadvertently released.
This is not the first time that Google and China have had issues. The relationship has long been distressed. Earlier in the year a break-in also originating in China, prompted Google to move its search engine to Hong Kong, which isn't subject to Bejing's rules, to avoid content censoring by the Chinese government.
China Says It Wasn't Us
Although the phishing attacks originated within Jinan, China, the home city of a military vocational school whose computers were linked to an assault 17 months ago, China's Foreign Ministry spokesman Hong Lei said China is firmly opposed to activities that sabotage Internet and computer security. The spokesman added that they could not have possibly been involved because they too had been hacked.
Nobody offered details on the Chinese hacking, but officials said the Google's allegations are little more than rumors and thin air.