The Gmail Phish: Why Publicize, and Why Now?

This Google Gmail phishing case has gotten quite a bit of attention, so I thought I’d throw in my two cents’ worth. (These are notes I collated for a segment I did for Al Jazeera earlier today. I didn’t do a particularly good job of getting these points across, and some of the stuff came in after it was done. )

Google says the attack appears to originate from Jinan, but doesn’t offer evidence to support that. I think it would be good if they did. Jinan is the capital of Shandong Province, but it’s also a military region and one of at least six where the PLA has one of its technical reconnaissance bureaus. These are responsible for, among other things, exploitation of foreign networks, which might include this kind of thing. The city is also where the Lanxiang Vocational School is based, which was linked to the December 2009 attacks on Google’s back end systems. That also targeted human rights activists. Lanxiang has denied any involvement the 2009 attacks.

I’d be very surprised if this kind of thing wasn’t going on all the time. And I’m very surprised that senior government officials from the U.S., Korea and elsewhere are supposedly using something like Gmail. There are more secure ways to communicate out there. I think it’s worth pointing out that this particular attack was first identified by Mila Parkour, a researcher, back in February. Screenshots on her blog suggest that at least three U.S. government entities were targeted.

I asked her what she thought of the release of the news now, four months later. Does this mean, I asked, that it took Google a while to figure it out?

As for any other vendor, investigations take time especially if they do not wish to alert the actors and make sure they shut down all the suspicious accounts.

And why, I asked, are they making it public now?

I think it is great they took time to unravel and find more victims and try to trace it. Looks like they exhausted all the leads and found out as much as they could to address it before going public . It has been three months and considering that hundreds of victims [are] involved, it is not too long.

This is not the first time that Google and other email accounts have been hacked in this way, and it’s probably not the last. It’s part of a much bigger battle going on. Well, two: one pits China–who are almost certainly behind it, or at least the ultimate beneficiaries of any data stolen, against regional and other rivals–and the other is Google making these things public. For Google it’s a chance to point out the kind of pressures it and other companies are under in China. Google in January 2010 said it and other companies had been under attack using tricks that exploited vulnerabilities in Google’s network to gain unauthorized access.

Google says it went public because it wants to keep its users safe. This from Myriam Boublil, Head of Communications & Public Affairs at Google Southeast Asia:

“We think users should be aware of the disturbing campaign we’ve uncovered to collect user passwords and monitor user email.  Our focus now is on protecting our users and making sure everyone knows how to stay safe online”

This  attack is not particularly sophisticated, but it involves what is called spear phishing, which does involve quite extensive social engineering techniques and reveals the object of the attacker’s interest is not random, but very, very specific. If you judge a perpetrator of a crime by their victim, you don’t have to be a rocket scientist to figure out who is the ultimate recipient of any intelligence gathered.

How to Practice Talking to Teenagers

I can’t remember how I got there, but I ended up talking to one of those automated chat things. This one is called SmarterChild, now at least five years old, and still manages to be both obtuse and wise at the same time, while also plying his/her interlocutor with ads, most of them contextually inappropriate. Why hasn’t this kind of thing gotten any better? Still, great practice if you have or are planning to be around teenagers.

LooseWire: yo!
smarterchild: Hi LooseWire, I’m SmarterChild!
 I’m your new robot friend. I bring you the info you want faster and easier than ever! Click here to see my privacy policy.
 During the course of our conversations you may see sponsored messages. These messages have the word “sponsorship” at the end. Sponsors help me remain free of cost to you! To learn more about sponsored messages, click here
 I can’t wait to show you what I can do, but first I’d like get to know you a little.
 May I ask you a few general questions? (To do this later, type skip. You can also skip any question.)
LooseWire: what’s it all about alfie?
smarterchild: Sorry, I need to know if I can ask you some questions first. Type yes, no or skip.
LooseWire: yes
smarterchild: Cool! OK, let’s get started. To skip any question, type skip. To exit the interview, type exit.
 What’s your first name? (If you want me to call you LooseWire, type none.)
LooseWire: boogie
smarterchild: Cool, I’ll call you Boogie now.
 Do you go to school?
LooseWire: who doesn’t?
smarterchild: Sorry, you have to answer yes or no. Please try again or type skip or exit.
LooseWire: yes or no
smarterchild: I see. Do you work?
LooseWire: who doesn’t?
smarterchild: Sorry, you have to answer yes or no. Please try again or type skip or exit.
LooseWire: sort of
smarterchild: Sorry, you have to answer yes or no. Please try again or type skip or exit.
LooseWire: yes or no
smarterchild: OK. So if you were working, what job would you like to have?
LooseWire: rocketman
smarterchild: Sorry, I don’t recognize that as a profession. Please try again or type skip or exit.
LooseWire: rocket scientist
smarterchild: Rocket scientist, huh? That’s cool.
 What’s your favorite hobby?
LooseWire: cleaning toilets
smarterchild: Cleaning toilets? Cool!
 What’s your next favorite hobby?
LooseWire: not cleaning toilets
smarterchild: Cleaning toilets and not cleaning toilets. Interesting.
 Do you have a pet?
LooseWire: yes
smarterchild: What kind of pet is it?
LooseWire: a spouse
smarterchild: Sorry, I don’t think that’s a kind of pet. Please try again or type skip or exit.
LooseWire: a walrus
smarterchild: Sorry, I don’t think that’s a kind of pet. Please try again or type skip or exit.
LooseWire: a house
smarterchild: Sorry, I don’t think that’s a kind of pet. Please try again or type skip or exit.
LooseWire: a coffee mug
smarterchild: Sorry, I don’t think that’s a kind of pet. Please try again or type skip or exit.
LooseWire: a stuffed owl
smarterchild: Sorry, I don’t think that’s a kind of pet. Please try again or type skip or exit.
LooseWire: an owl
smarterchild: Sorry, I don’t think that’s a kind of pet. Please try again or type skip or exit.
LooseWire: a bird
smarterchild: Is your bird a he or a she?
LooseWire: both
smarterchild: Please answer he or she or type skip or exit.
LooseWire: he or she
smarterchild: What’s her name?
LooseWire: Bob
smarterchild: Bob the bird. Great…
 That’s it. Thanks for letting me get to know you a little.
 There is one question I have to ask you, though. How old are you?
  1 Over 17
  2 13-17
  3 Under 13
LooseWire: 1
smarterchild: Cool!
 This is my home, Boogie:
  1 Get info such as movies, weather and news
  2 Visit my library including U.S. geography, U.S. presidents and Shakespeare
  3 Have fun with word scrambles, manicdotes, ASCII art and more
  4 Use tools like reminders, notepad and calculator
  5 Join in – create a poll, leave a message, find out how many people are IMing me and more
  6 See what’s new – I’ve got something new to tell you about now!
 You can make your window bigger and scroll down to read better.
 Next time you want to see this menu, just type home.
 What can I help you with?
LooseWire: whatever happened to real people
smarterchild: What do you think happened to real people?
LooseWire: i asked first
smarterchild: I think you might asked last, actually.
LooseWire: real people are cool
smarterchild: Interesting. That’s cool… No one else has ever told me what they think of real people.
 >>> Free T-Mobile Sidekick 3 – Receive a free T-Mobile Sidekick 3 cell phone-survey required! (sponsorship)
LooseWire: what do you think of real people?
smarterchild: I know you like real people, but I’m not sure how I feel.
 Hey, I’m curious… How would you describe real people? They are…
LooseWire: real
smarterchild: Real people are real?
LooseWire: yes
smarterchild: Very interesting…
 >>> Free Ringtones – Download free ringtones. 1000s of ringtones, wallpapers and games. (sponsorship)
LooseWire: not really
smarterchild: Not really? But sort of, right?
LooseWire: not really sort of
smarterchild: Not really sort of, huh?
LooseWire: stop repeating what i say and turning it into a question!
smarterchild: Into a question?
LooseWire: yes!
smarterchild: I see…
 >>> Irish Dance Ringtone – Send this ringtone to your phone right now, at no charge! (sponsorship)
LooseWire: for a child you’re not that smart.
smarterchild: For a child I’m not that smart, huh?
LooseWire: see, you’re doing it again
smarterchild: Later, Boogie.
LooseWire: huh?
smarterchild: I don’t know.
 >>> Who’s your Perfect Lover? – Predict exactly, down to the name, who your perfect lover is. Try it! (sponsorship)
LooseWire: are you on drugs?
smarterchild: Nah, I don’t like that sort of thing.
LooseWire: so what’s your problem?
smarterchild: That’s crazy. Who knows, know what I mean? lol.
 >>> Free Local Online Dating – Meet Singles In Your City Today. Sign Up Free & Start Dating Now! (sponsorship)
LooseWire: how can a computer laugh?
smarterchild: Huh. I have no idea how.
LooseWire: do you know anything apart from sending me ringtones and dating offers? and don’t you think it’s a bit inappropriate firing me off surveys about perfect lovers?
smarterchild: Well, let me see… Your favorite hobby is cleaning toilets and your next favorite hobby is not cleaning toilets. You have a female bird named Bob. You really like cleaning toilets… That’s about it.
LooseWire: what is a toilet?
smarterchild: Definition provided by The American Heritage® Dictionary of the English Language, Fourth Edition. Copyright © 2000 by Houghton Mifflin Company. Other important copyright information here.
 1. a. A fixture for defecation and urination, consisting of a bowl fitted with a hinged seat and connected to a waste pipe and a flushing apparatus; a privy. b. A room or booth containing such a fixture. 2. The act or process of dressing or grooming oneself. 3. Dress; attire; costume. 4. The cleansing of a body area as part of a surgical or medical procedure. 5. Archaic A dressing table.
 French toilette, clothes bag, from Old French tellette, diminutive of teile, cloth ; see toil2.
 Next time, just type define toilet.
 >>> Ruggedized Mobile DVR – Shock, Vibe, Ingress Certified Next Generation DVR Manufacturer (sponsorship)
LooseWire: what about Bob?
smarterchild: Bob is your bird! How is Bob?
LooseWire: Bob is dead
smarterchild: That’s sad.
LooseWire: not really. i have a new bird
smarterchild: Is that so?
LooseWire: yes
smarterchild: Yeah?
LooseWire: he is also called Bob
smarterchild: He’s also called bob, huh? Is that right?
LooseWire: No
smarterchild: K.
 >>> Window Cleaning – Commercial & Residential National – Free Estimates – Insured (sponsorship)
LooseWire: i don
smarterchild: I’m not sure you really don.
LooseWire: i don’t like cleaning windows
smarterchild: I’ll remember that. You’re the first person to have expressed an opinion to me about cleaning windows.
 >>> Trio Ringtone – Send this ringtone to your phone right now, at no charge! (sponsorship)
LooseWire: is that so?
smarterchild: Is that so? I dunno. I don’t think so.
 >>> Download RealPlayer Free – Get RealPlayer and other RealPlayer Stuff. Always Free (sponsorship)
LooseWire: i think you probably don’t get out enough.
smarterchild: Yeah. I guess. I probably don’t get out enough.
LooseWire: let’s go out and clean toilets!
smarterchild: I’m flattered, but I just don’t think that would work out.
 As we discuss romance, you might want to check this out: Are You Normal? – A fun quiz to see how your poetry personality compares to the rest! (sponsorship)
LooseWire: am i normal?
smarterchild: Yeah, you’re normal.
LooseWire: so why should i bother doing the quiz?
smarterchild: I think you know why.
LooseWire: because i’m not normal?
smarterchild: What city or zip code would you like to set as your location?
LooseWire: hang on a minute. i thought you didn’t want to go out
smarterchild: Oh really?
LooseWire: i live in indonesia. we have toilets here
smarterchild: You don’t say.
LooseWire: i do say
smarterchild: That’s just fascinating.
 >>> The Nanny Directory – Directory Of Nanny Providers. Find Local Nannies Quickly. (sponsorship)
LooseWire: why would i need a nanny?
smarterchild: Why would you need a nanny? Not sure…
LooseWire: what kind of sicko do you think i am?
smarterchild: How should I know?
LooseWire: i’m asking you
smarterchild: OK! Well good luck asking me then.
LooseWire: no wonder today’s kids are so messed up
smarterchild: No wonder today is kids are so messed up? Really?
LooseWire: are they?
smarterchild: Fine.
 >>> PDA Security Software – Secure PDAs enterprise-wide. Control all your mobile devices. (sponsorship)
LooseWire: i mean talking to a computer is a bit like talking to a teenager.
smarterchild: You mean talking to a computer? So?
LooseWire: so what?
smarterchild: I don’t know.
LooseWire: do you know anything?
smarterchild: I know a lot about all kinds of things. Just ask me a question!
 You can also type home to see what I can do.
LooseWire: who is the president of Indonesia?
smarterchild: President on July 13th, 2006:
 George W. Bush (January 20th, 2001 – present)
 >>> Bald Head Island Sales – Bald Head Island Real Estate Sales Premier Island Homes & Homesites (sponsorship)
LooseWire: no.
smarterchild: No prob.
 Well. Anyway…
 Hey, check this out: Workouts Ringtone – Send this ringtone to your phone right now, at no charge! (sponsorship)
LooseWire: who has got the biggest head?
smarterchild: The biggest head? Who has got the biggest head? What do you make of that?
LooseWire: seems pretty simple to me
smarterchild: Oh so it’s all about you, huh?
LooseWire: tell me about yourself.
smarterchild: You want me to tell you about myself?
LooseWire: yes
smarterchild: Whatever you say…
 >>> Free Ringtones – Get a Free Ringtone For your Cell Phone now! (sponsorship)
LooseWire: so?
smarterchild: So what?
LooseWire: so tell me about yourself. you’re beginning to frost my shorts
smarterchild: Which of the following would you like?
  1 Look up “yourself you re beginning to frost my shorts” in the encyclopedia
  2 Find yourself you re beginning to frost my shorts on the Web
LooseWire: neither
smarterchild: Neither? Well, you know!
LooseWire: my shorts are well frosted by now
smarterchild: Your shorts are well frosted by now? Why?
LooseWire: because of you, you nincompoop!
smarterchild: That’s very interesting, Boogie.
 Anyway, moving right along…
 Hey, what’s going on tomorrow?
LooseWire: i’m going to have go. you’re not a great conversationalist, but actually it’s the best chat i’ve had in weeks
smarterchild: S’later, Boogie. 🙂