Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Warning Gmail Users On Spying From China

timothy posted more than 3 years ago | from the should-that-be-by-or-from dept.

Google 215

Trailrunner7 writes "Google is using automated warnings to alert users of its Gmail messaging service about widespread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks, or simply random attacks. Victims include one leading privacy activist. Warnings appeared when users logged onto Gmail, encountering a red banner reading, 'Your account was recently accessed from China,' and providing a list of IP addresses used to access the account. Users were then encouraged to change their password immediately. Based on Twitter posts, there doesn't seem to be any pattern to the accounts that were accessed, though one target is a prominent privacy rights activist in the UK who has spoken out against the Chinese government's censorship of its citizens. A Google spokesman declined to comment on the latest warnings specifically. The company has been issuing similar warnings since March, when it introduced features to identify suspicious account activity."

cancel ×

215 comments

China shouldn't have been allowed to join the WTO (0, Troll)

Zelgadiss (213127) | more than 3 years ago | (#33699192)

We are now see their true colours.

They are like evil villains you see in the movies but for real.

We the world just made them into a very dangerous Superpower.

Re:China shouldn't have been allowed to join the W (0)

Anonymous Coward | more than 3 years ago | (#33699228)

I hate to break it to you.
You are not the world.

Re:China shouldn't have been allowed to join the W (2, Insightful)

Darkness404 (1287218) | more than 3 years ago | (#33699242)

And what the hell do you think the US does? We do everything that China does only because we're "the west" we aren't scared about it. See, the thing is, the US government can basically force Google to access your account. I much rather have a Chinese attack where I'm alerted about it than a US attack that happens stealthily.

Yeah, China has human rights abuses and so does the US. There are people detained by US authorities who don't even have a fucking clue why they are detained because the US won't tell them!

This idea that China is a super-villain and the US is a superhero is based off of myth, nationalism and ignorance, we are no better than the Chinese.

What reality do you live in? (4, Insightful)

Anonymous Coward | more than 3 years ago | (#33699326)

Yea, except when China detains you they throw you in the Laogai (Chinese gulag - forced labor prison) and harvests your organs to sell to rich westerners whose children are dying of non-functioning organs for which there is normally a giant waiting list.

And, keep in mind, China does that if you are nothing more than a political opponent, dissenter, or critic. Your fair trial consists of, "You are guilty."

When the U.S. (wrongly) detained the friend of Assange, leader of WikiLeaks, earlier this year they had to let him go. Our laws have been designed to protect human rights from abuse by even our own government. You can't say the same thing about the Chinese.

I hate to admit it, but I still love buying cheap crap from them, though.

I'm sort of afraid to post this comment now. *breathes deeply and pressing the submit button*

Re:What reality do you live in? (3, Informative)

Darkness404 (1287218) | more than 3 years ago | (#33699408)

And the US has Guantanamo bay and other "terrorist" prisons where we can essentially do the same thing because there is no oversight.

Plus, we've got military instillation all over the world also operating with virtually zero oversight.

We've given money to support various military dictatorships, tried taking over numerous sovereign countries, etc. While we don't do many atrocities to people here at home, the "third world" is open game.

When the U.S. (wrongly) detained the friend of Assange, leader of WikiLeaks, earlier this year they had to let him go. Our laws have been designed to protect human rights from abuse by even our own government. You can't say the same thing about the Chinese.

Only because there was a lot of press about it. Had this person been relatively unknown, he just would have been denied his rights or charged him with some "terrible" crime that no one would want to associate with him anymore.

Our laws have been designed to protect human rights from abuse, but that doesn't mean shit when it comes to congress or our operations outside of the US. We've passed laws blatantly ignoring the constitution (PATRIOT act, DMCA, etc.), debased our currency to worthlessness, gunned down civilians abroad, and propped up dictatorships.

The only significant difference between China and the US is that China does atrocities from within their borders and doesn't maintain an illusion of freedom. The US does atrocities from outside their borders and tries to portray that they are concerned about liberty.

Re:What reality do you live in? (0, Troll)

meerling (1487879) | more than 3 years ago | (#33699460)

At least the US hasn't ran over it's own students with tanks yet.

Re:What reality do you live in? (3, Interesting)

lul_wat (1623489) | more than 3 years ago | (#33699510)

Yeah, shooting them with rifles is so much more civil.

Re:What reality do you live in? (4, Insightful)

Darkness404 (1287218) | more than 3 years ago | (#33699512)

...Yet is the key point.

The US might have not ran over any of its own college students with a tank, but in the third world during the cold war it funded dictatorships that suppressed dissent and killed dissenters.

Why is it that it is considered terrible that China would kill its own citizens but yet it apparently is a "troll" to point out that the US does it to citizens of other countries?

Re:What reality do you live in? (1)

Ethanol-fueled (1125189) | more than 3 years ago | (#33699520)

Uh... [wikipedia.org]

The guy who was hit by the tank chose to stand in front of it. The students who were shot were unarmed protesters and bystanders.

The US is rapidly losing what little so-called "moral high ground" it has left.

Re:What reality do you live in? (0)

Anonymous Coward | more than 3 years ago | (#33700056)

The US government didn't endorse the shootings at Kent State.

Re:What reality do you live in? (1)

Darkness404 (1287218) | more than 3 years ago | (#33700120)

Of course they didn't endorse them, they actually shot the students! Unless for some reason the National Guard isn't part of the US government anymore...

Re:What reality do you live in? (2)

countertrolling (1585477) | more than 3 years ago | (#33700274)

It is a state militia. In that case called in by the governor, not the president. The feds "endorsed" it by not pressing charges

Re:What reality do you live in? (4, Insightful)

Raenex (947668) | more than 3 years ago | (#33700460)

The guy who was hit by the tank chose to stand in front of it. The students who were shot were unarmed protesters and bystanders.

Tank Man was not run over. He stopped a column of tanks. The soldier in that tank did not want to run over a civilian in cold blood.

The difference between China and the United States is that in China you can't search for Tiananmen Square and find out about the 1989 protest. You won't find a popular song about it. The Kent State shootings are an acknowledged black mark in United States history.

Um: “Tin soldiers and Nixon’s coming,& (1)

KMSelf (361) | more than 3 years ago | (#33699712)

Four dead in Ohio [wikipedia.org] . There's also the Civil Rights marches of the 1960s, the labor movement, the Trail of Tears, and a few other odd highlights. I'd suggest picking up a copy of Lies My Teacher Told Me [amazon.com] or Howard Zinn's A People's History of the United States [historyisaweapon.com] .

Re:What reality do you live in? (1)

Jurily (900488) | more than 3 years ago | (#33699546)

debased our currency to worthlessness,

No, you did that to the whole world. Somehow, I don't think Nixon [wikipedia.org] will be remembered for Watergate in 50 years.

Re:What reality do you live in? (3, Interesting)

thoughtsatthemoment (1687848) | more than 3 years ago | (#33699588)

China does atrocities from within their borders and doesn't maintain an illusion of freedom.

It depends on what kind of atrocities and freedom. If you are talking about violent crimes, living in China is generally much safer than in US. And Chinese law is sometimes intentionally ambiguous and if you are clever enough you'll have more freedom than you want.

The actual significant difference between China and the US, is Chinese officials are not elected. So the whole political games change.

Re:What reality do you live in? (1)

thoughtsatthemoment (1687848) | more than 3 years ago | (#33699474)

And, keep in mind, China does that if you are nothing more than a political opponent, dissenter, or critic. Your fair trial consists of, "You are guilty."

You have exactly the same mentality as the western media, that is to over simplifiy things in China and portray them in a stereotype as irrational lunatic. Believe it or not, some people do the same to the west.

Take the latest political opponent, Liu Xiaobo, as an example. From western media it looked like he was sent to jail for nothing serious. It turned out he was circulating a letter for signatures, calling for the establishment of a new country with a new name. That is a crime by Chinese law. Now I am not defending Chinese law here but I just wanted to point out things are more complicated than you think, including the "cheap crap" you love to hate.

Re:What reality do you live in? (1)

Moridineas (213502) | more than 3 years ago | (#33699518)

Link for further info?

Even if EXACTLY what you claim is true and even if it's not just propaganda created by the Chinese Government, you think a decade of imprisonment is fair punishment?

Re:What reality do you live in? (1)

thoughtsatthemoment (1687848) | more than 3 years ago | (#33699776)

I found that info in Chinese. He wanted to create some kind of federation between mainland China and Taiwan. This view is actually quite popular among some circles but the people in power definitely would want none of that. And personally I do think a revolution might make thing worse and reform is preferred.

As to a fair punishment, I'd think people should have freedom of speech without punishment. But I am not an expert in law. I do remember in the movie Red, someone was asking something like "Are you agree with overthrowing the United States government". So it'd be interesting to know the limit of free speech in extreme cases.

Re:What reality do you live in? (3, Informative)

Moridineas (213502) | more than 3 years ago | (#33700250)

In the United States it is illegal to plan to (or attempt to) overthrow the government by force or with violence.

Passing around a petition saying "I support breaking up the United States" is not a crime. Running for congress and saying "I would vote to breakup the United States" is not a crime. Attacking with force Fort Sumter -- crime! It's not perfect, I'd probably like more anti-government actions to be completely protected, but it is what it is.

Bottom line is the the Chinese party line on basic freedoms (like freedom of speech) and the typical American or European view on such things are worlds apart different. Some people like to put these down to thousands of years of history with such theories as Wittfogel's hydrolic Empires -- "Orientals like rules because they are used to them from thousands of years of absolute rule from above." I don't buy that. American and European views on freedom of speech are very different too. Witness the Brits who are in trouble for burning Qur'ans, the illegality of certain types of clothing in France and Germany, religious freedom differences, great differences on offensive speech, etc.

One thing that North American and Europeans are almost united on though is that political dissenters should be allowed and protected. Doesn't mean dissenters always get an easy or free ride, but the Chinese model is very abhorrent to many.

Re:What reality do you live in? (1)

thoughtsatthemoment (1687848) | more than 3 years ago | (#33700572)

Passing around a petition saying "I support breaking up the United States"

No, he appeared to the organizer and it seems from Wikipedia they were also writing Charters and compared themselves to other movements in Chinese history.

I think I know the difference you are talking about, but I also know the political reality of China, especially from a historical perspective. China didn't have a good model of its own, that why it adopted communism. And that didn't work out well. So it quickly switch to capitalism. Do you know who seemed to admire the founding fathers of the USA the most just before the breakout of the Chinese civil war in the 1940s? Judging from the writings of that time, it appears to be the communist leader Mao Zedong, who seemed understand democracy better than anybody else. At the time, he was the dissenter and he knew how to play the game.

Now the communists are in power and they are extremely wary about anybody else play the same game against them. The communist party itself actually wanted to introduce more liberal values, but they are afraid of their opponents taking advantage of it and losing their power.

So the basic problem in China is how to be more transparent. And dramatic moves would actually make things worse. I am actually quite suspicious of western media in this matter because they always portray Chinese officials as whimsical as putting people to jail for no reason at all. This actually makes reform harder. Maybe that's the goal.

Re:What reality do you live in? (1)

andymadigan (792996) | more than 3 years ago | (#33699658)

Your talking about U.S. citizens. If you're foreign and the U.S. doesn't like you we lock you up in a secret prison and you're never heard from again. The E.U. recently found a few of our secret prisons and got pissed, so we had to move them.

Back to the article, there isn't any pattern, my account got hacked too (my facebook account got hacked at the same time, but that was from an IP in South Korea).

Google (and others) should add a feature to allow me to restrict the IPs that can access my account. I'm never planning on logging in from anywhere in Asia, Africa or South America. If I ever did go to one of those places I could always change the setting. Two-factor authentication will probably be better though.

Re:What reality do you live in? (2, Informative)

Mr. Freeman (933986) | more than 3 years ago | (#33700042)

"And, keep in mind, China does that if you are nothing more than a political opponent, dissenter, or critic. Your fair trial consists of, "You are guilty.""

Same story in the US. No "enemy combatants" are given a fair trial. They're also tortured, or thrown into a prison and humiliated sexually. (i.e. abu ghraib)

Re:What reality do you live in? (0)

Anonymous Coward | more than 3 years ago | (#33700360)

Prisons hold people after they've been sentenced or so they can be tried.

What you're talking about is not a prison but a concentration camp.

Re:China shouldn't have been allowed to join the W (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33699364)

relativistic assessments such as the parents are merely intellectual laziness and false humility.

Re:China shouldn't have been allowed to join the W (2, Informative)

Chaosrains (1778770) | more than 3 years ago | (#33699426)

Yeah, China has human rights abuses and so does the US. There are people detained by US authorities who don't even have a fucking clue why they are detained because the US won't tell them!

Please point to a case where this has happened in modern US history, as this is a very clear violation of our sixth amendment in the Bill of Rights.

Re:China shouldn't have been allowed to join the W (2, Informative)

Darkness404 (1287218) | more than 3 years ago | (#33699456)

Are you that blind that you haven't heard of Gitmo? http://civilliberty.about.com/od/lawenforcementterrorism/tp/Boumediene-v-Bush.htm [about.com] Yeah, the supreme court struck it down fairly quickly but note that a single vote in the opposite direction would have kept it.

Re:China shouldn't have been allowed to join the W (2, Informative)

Rogerborg (306625) | more than 3 years ago | (#33699534)

Uh, you know those "foreign combatants" kept in dog kennels in Guantanamo Bay, and not charged because we don't even know why we captured them in the first place [washingtonpost.com] ? Those guys? According to those filthy liberal peacenik commies in the Supreme Court, apparently they're actually "people"!

Re:China shouldn't have been allowed to join the W (1)

poity (465672) | more than 3 years ago | (#33699428)

Why is it when the US is criticized, responses in the vein of "other countries do it too" is unacceptable and often labeled troll, yet when a different country is under the radar, responses in the vein of "the US does it too" is the first and greatest comeback, and in this case labeled "Insightful"?

This idea that China is a super-villain and the US is a superhero is based off of myth, nationalism and ignorance, we are no better than the Chinese.

May I suggest that this belief that there are significant people who believe in your hyperbolized dichotomy is also a myth. I'm confident the majority of people in the US see it as a flawed country but on the whole comparatively better than most.

Re:China shouldn't have been allowed to join the W (4, Interesting)

Zelgadiss (213127) | more than 3 years ago | (#33699432)

I'm not American or even European btw.

Given the recent situation with Japan, I don't know how else to see China.
Vietnam have been complaining about China's bully tactics for a while now, it's just that no one paid attention.

China has been gaining a lot of power, the US might not even be able to restraint them any more.
Frankly it scares me.

I hate to say this but the moron Bush might actually be right, China has to be contained.
If I could turn back time and somehow stop China from joining the WTO I would.

As for the US, the things you guys do in the middle east is one hell of a clusterfuck.

But I don't know.
I think would rather live under the thumb of the US government than the PRC.

From my point of view, maybe it's because I'm from a country friendly towards the US, US in general have been relatively benevolent "rulers" in comparison to what China could be capable of.

Re:China shouldn't have been allowed to join the W (0, Flamebait)

thoughtsatthemoment (1687848) | more than 3 years ago | (#33700328)

I think would rather live under the thumb of the US government than the PRC. From my point of view, maybe it's because I'm from a country friendly towards the US, US in general have been relatively benevolent "rulers" in comparison to what China could be capable of.

That's because you are currently under the spell of the US. If you are instead under the spell of China, believe me, China can appear much more of a benevolent ruler. Actually the Chinese government (and past dynasties) is the expert at creating a big happy family in which you would totally forget what individualism is (assuming you knew it in the first place).

Re:China shouldn't have been allowed to join the W (1)

Rogerborg (306625) | more than 3 years ago | (#33699434)

I agree. If your dad is an abusive jerk, you don't deserve to be protected from other abusive jerks. They're no worse than what you get at home, so what are you bitching about?

Re:China shouldn't have been allowed to join the W (1)

Darkness404 (1287218) | more than 3 years ago | (#33699548)

...Because your dad who is an abusive jerk making an organization to prevent child abuse wouldn't be hypocritical in the least. And then him being lauded for being a great dad despite the fact he is still an abusive jerk, wouldn't come up as slightly hypocritical to you?

Re:China shouldn't have been allowed to join the W (1)

thoughtsatthemoment (1687848) | more than 3 years ago | (#33699352)

And you talk just like the stupid people in the movies: We are good and they are evil.

Re:China shouldn't have been allowed to join the W (1)

Rogerborg (306625) | more than 3 years ago | (#33699450)

I'm not seeing the bit where GP said that "we" were good, just that "they" are bad. Can you clarify?

Re:China shouldn't have been allowed to join the W (1)

thoughtsatthemoment (1687848) | more than 3 years ago | (#33699624)

Sure. I said GP talked like something, but I didn't say what you said I did. Is that clear enough for you?

Finally ... (0)

Anonymous Coward | more than 3 years ago | (#33699202)

Well at least SOMEONES doing something about this, kudos to Google for being the ones to point out to the users themselves and warn them!

Wouldn't it be nice... (1)

BartholomewBernsteyn (1720348) | more than 3 years ago | (#33699260)

Google already keeps track of all kinds of data around my Gmail account, why does it not warn me whenever *irregular* patterns of access occurred, based on implausibly localized IPs?

Thank you for your consideration
  - You already know I love you, Google.
Sincerely, a concerned GMail customer.

anybody but google (0)

Anonymous Coward | more than 3 years ago | (#33699270)

Sergey must be feeling lonely and left behind again, time to make some news.
Let's just say google has not been the most reliable and trustworthy of corporate citizens lately.

Sure China is the location of a lot of servers. To extrapolate this is the work of Chinese hackers is like blaming Cadillac for a rash of drive-by shootings.

I got this (5, Informative)

kerashi (917149) | more than 3 years ago | (#33699294)

I got the warning about being accessed from China. Unfortunately, it came 2 days after I became aware of my gmail account and World of Warcraft account both being compromised. By that time I had already changed the password, and had Blizzard restore my stuff.

Re:I got this (1)

WarlockD (623872) | more than 3 years ago | (#33700202)

I don't know what happened, but I do remember when trying to paypal something, everything was Chinese. Luckly I was running Avast's VM service and everything reset when I closed my browser. It looks like it was redirecting my dns quirys. I also got hit with the gmail red banner too, but I suspect they were only able to access it because I was going though china using the cookie. Changed all my passwords in case though:P

I picked up a Mikrotek router for cheap and now I am blocking all of China's IP range. Bit extreame, but it is interesting looking at the the firewall hits. It seems I get quite a few hits from the uTorrent PnP tracking service from there. Also it cut down on the ssh attacks by half:P

Maybe some access controls would help (4, Insightful)

joeflies (529536) | more than 3 years ago | (#33699302)

Let's see - I have never been in China and don't plan to go in the near future - maybe if Google added a feature that allows me to CONTROL what countries I can access it from, it could alleviate a lot of this problem.

I'm sure those crafty hackers will find a way around it and divert through a US waypoint, but there's no need for my account to have broad access from countries I am never going to access it from.

Re:Maybe some access controls would help (2, Insightful)

Anonymous Coward | more than 3 years ago | (#33699384)

They'd just go through a US proxy... That's no help at all.

Re:Maybe some access controls would help (0)

Anonymous Coward | more than 3 years ago | (#33699446)

While you at it, why not add time based restrictions too. Make them do their dirty work in the middle of the night through a proxy server based in the US. I'm all for making it more difficult for unauthorized users to access my accounts. Why not at least make it slightly more difficult?

Security is a game of percentages (2, Informative)

KMSelf (361) | more than 3 years ago | (#33699794)

Going through a proxy (crowded, busy, high traffic, concentrated) makes hack attacks that much more difficult. From the defense standpoint, proxies may be known (lists of know proxies are widely available), detectable (reverse operations), or identifiable via patterns (large volumes of traffic or attack from a single or narrow IP band not otherwise known).

You do highlight the point, however, that patterns of behavior are what are critical. You want to see who's coming in, from what IP ranges, whether or not they're suddendly having a great deal of trouble with their passwords, etc.

I've had more than a little success identifying sources of abuse via CIDR block or ASN [linuxmafia.com] using the Routeviews [routeviews.org] reverse IP-to-BGP Router Data lookup (the txt record is the CIDR block and ASN of an IP). Not just in spam, as indicated in the linked paper, but for apache logs, aggregating ranges of IPs to a single identifiable source.

Sure, someone using a widely distributed botnet across multiple ASNs isn't going to turn up in that analysis (or rather, it will be more weakly distributed), but in that case, you're going to want to find other patterns of behavior to track.

Re:Maybe some access controls would help (0)

Anonymous Coward | more than 3 years ago | (#33699892)

The US proxy, being in the US, is subject to US law enforcement. In other words google can actually DO something about the proxy, whereas it can't do anything about China. Which may then force the proxies to manage their affairs a little better ("hm, these very few IPs in China are doing an awful lot of connection attempts!")

Further, the harder you make it for the crackers, the more China loses its "not happening here" "it's just some script kiddies, honest!" plausible deniability, which slightly increases the chances that the US government can do something about it through diplomatic/economic pressure.

Re:Maybe some access controls would help (0)

Anonymous Coward | more than 3 years ago | (#33699416)

Why not simply use a strong password? A country blacklist can really screw you over when in the far future you go somewhere and you don't remember you blocked it.

Re:Maybe some access controls would help (1)

cyfer2000 (548592) | more than 3 years ago | (#33699562)

My gmail account was compromised several weeks before the whole gmail thing made to press. I had a pretty strong password including capital letters, @# and numbers. But those bloody Chinese crackers still cracked my email account and sent out hundreds of spams. I only use OS X and Fedora, so there is little possibility of those crackers still my password via spyware. From my experience, I doubt if a strong password can protect you.

Re:Maybe some access controls would help (0)

Anonymous Coward | more than 3 years ago | (#33699818)

Uh ... how long was it? I use 44 character passwords.
Did you ever access gmail from mobile or other non-secure clients that didn't use SSL/TLS for everything?

Re:Maybe some access controls would help (1)

AHuxley (892839) | more than 3 years ago | (#33700418)

"Did you ever access gmail from mobile or other non-secure clients that didn't use SSL/TLS for everything?"
Very interesting. Think weak backends to low cpu/backhaul rustbelt mobile tech is a leak?
If you use a strong pw, non Windows OS on a desktop with https are you safe vs some candy coloured web 2.0 mobile while on the move?
Be a fun experiment. Set up 100 random accounts, via Mac, Windows, Linux and then mobile or other non-secure clients. Wait and bring the stats back.
If the desktop ones are all safe, great, if win or mac or linux desktop accounts seem non-secure then what the ??????????

Re:Maybe some access controls would help (0)

Anonymous Coward | more than 3 years ago | (#33700548)

44 characters? Like what? What are you using now?

Re:Maybe some access controls would help (0)

commodore64_love (1445365) | more than 3 years ago | (#33699550)

I was thinking something different:

Even if China's government did hack my account and discover some horrible thing I did, so what? I'm 10,000 miles away and they cannot touch me. This is similar to how I laugh at New York government's attempts to tax my ebay sales..... "Okay fine I owe you about $100 for 8% tax. Now I'd like to see you try to collect it when I live 500 miles away."

Governments are virtually powerless outside their own boundaries.

Re:Maybe some access controls would help (0)

Anonymous Coward | more than 3 years ago | (#33699740)

Not too bright are ya?

Leveraging information (1)

KMSelf (361) | more than 3 years ago | (#33699816)

XKCD puts it well: http://xkcd.com/792/ [xkcd.com]

How often do you reuse passwords?

What financial or other control information transits your email account?

What blackmail or other information could be gained via your email account(s)?

I've utilized this myself in legal cases for fun and profit (lawful access to data, natch).

Re:Maybe some access controls would help (2, Insightful)

countertrolling (1585477) | more than 3 years ago | (#33700358)

Governments are virtually powerless outside their own boundaries.

I did not know that...

Re:Maybe some access controls would help (1)

AHuxley (892839) | more than 3 years ago | (#33700470)

"discover some horrible thing I did, so what?"
I think the aim is CIA/NGO/faith backed dissidents both in China and around the world.
Any tech floating on open networks or hints to darknets, internal networks is fun too.
Just learning how google works internally, at what point https is used, how and where.
China does not want a digital version of Operation Shadow Circus that the CIA ran during the cold war.

Re:Maybe some access controls would help (0)

Anonymous Coward | more than 3 years ago | (#33700668)

I, for one, welcome our new Chinese leaders...

Re:Maybe some access controls would help (1)

severoon (536737) | more than 3 years ago | (#33699982)

I'm sure those crafty hackers will find a way around it and divert through a US waypoint, but there's no need for my account to have broad access from countries I am never going to access it from.

Please allow me to provide an alternative summary of your statement: Though it certainly wouldn't do any good, why not respond by stripping innocent people of freedoms they now have?

What, sir, were you thinking when you wrote this?

Re:Maybe some access controls would help (3, Interesting)

Jah-Wren Ryel (80510) | more than 3 years ago | (#33700138)

Let's see - I have never been in China and don't plan to go in the near future - maybe if Google added a feature that allows me to CONTROL what countries I can access it from, it could alleviate a lot of this problem.

I'd rather have out-of-band notifications of access - kinda like the way some banks do for their credit card accounts.
For example - I'd like to get a text message everytime someone logs into my account and everytime some major change is made - like setting up an auto-forward or changing the password.

Re:Maybe some access controls would help (0)

Anonymous Coward | more than 3 years ago | (#33700402)

Well there's two-step verification [blogspot.com] via phone for Google Apps, coupled with the Google Authenticator [google.com] app.

Re:Maybe some access controls would help (1)

houghi (78078) | more than 3 years ago | (#33700712)

It would indeed be great to know if the US was reading my mail or not and not only China.
Down side is that the US read it by looking at traffic, not by hacking my account. (HI MOM)

happened to me (0)

Anonymous Coward | more than 3 years ago | (#33699316)

I got this warning a while ago, on a gmail account i never used to sign up for anything, and was very careful with. WTF china...also makes me mad at google for not being able to stop these attacks

This has my approval (3, Insightful)

mykos (1627575) | more than 3 years ago | (#33699322)

Go ahead and comply with government demands, but tell the common people what the government is doing to them. I like it.

Re:This has my approval (1)

lavagolemking (1352431) | more than 3 years ago | (#33699640)

Actually, I think the article said China is hacking into users' accounts, not that Google is giving China access. They're just deploying a sort of end-user level Intrusion Detection System [wikipedia.org] . They're letting users know what the government (not necessarily their government) is doing, but they're not cooperating. It's definitely a step in the right direction, although it would also be nice to add some access control as well, such as "only access from this IP address", "deny access from IP addresses in these countries", etc. even if that would only drive China to access accounts from bots in the same country. Google certainly has the resources, and in light of Chinese attacks over the past year, the motivation, to deploy a pretty secure setup that users could configure, and I can imagine a lot more features like this showing up over the next year. Question for Google: Do these warnings show up for all active sessions (including the Chinese ones), or only the session where the user appears legitimately logged in?

Re:This has my approval (0)

Anonymous Coward | more than 3 years ago | (#33699746)

My spam account got hacked from China because I have a simple password on it.

The "Chinese Government" (since apparently only the PRC gov't can hack things in China) sent out a bunch of spoof mails to WOW users from my account asking for password information. I guess the communist party is addicted to MMO there?

Well-known privacy activist (1)

guyminuslife (1349809) | more than 3 years ago | (#33699332)

I guess they're not very successful at it.

Re:Well-known privacy activist (1, Funny)

Rogerborg (306625) | more than 3 years ago | (#33699476)

He should get together with Julian "nobody but me deserves to have secrets" Assange, and together they could try to make two useful people, or failing that, a crate of Soylent Green.

You like many are confused (3, Informative)

Sycraft-fu (314770) | more than 3 years ago | (#33699618)

Specifically you are confusing privacy and anonymity. Many geeks seem to think the right to privacy is the same as the right to remain anonymous and they aren't at all. The government has rules that there is a right to privacy implied in the Constitution, but they have never ruled there is a right to anonymity best that I know.

So what's the difference? Privacy means being able to shield what you are doing from others, if you choose. I currently have complete privacy. I am alone, in my home. That means what I am doing is not something anyone can find out, unless I let them. My actions and thoughts are as private as I wish them to be. However I'm not anonymous. Anyone who did even cursory (and fully legal) surveillance could determine what house is mine and that I am presently at home. I am in no way anonymous in my actions, just private.

The flipside of that would be a couple having sex in a park, wearing full face masks. They would have no privacy, but would have anonymity. There would be no doubt in anyone's mind what was going on if they looked over. However as to who was doing it, well that would be a mystery. The people doing it would be anonymous, but not private.

Of course you can easily find other situations that you have both or neither.

So as it applies to these activists that they are known doesn't mean they aren't successful at being private. They aren't anonymity activists, they are privacy activists. They advocate that you should be able to do things and not have the government (or others) spy on you. they are not advocating you should be unknown, a cipher to all.

Re:Well-known privacy activist (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33699840)

I am the person in question.

The matter came up casually after I had given the journalist an interview with regards to EverCookie - an issue I am currently dealing with in my work having involved a US Lawyer and filed an Open Letter with the European Commission in relation to how this particular API counters claims in Recital 66 of the Telecoms Reform Package that browsers should be seen as an acceptable form of control and consent with regards to the use of Internet tracking technologies. I work very hard, 16-20 hours a day, fighting on many fronts to protect fundamental liberties such as privacy and human rights. I do this because I believe it is important work, I don't get paid for it; so I find your comment particularly offensive and the response below from Rogerborg.

After I gave the interview the journalist asked my opinion on why Google had redacted details about China in their recently launched Transparency resource. Having followed the situation between Google and China (as part of my job) I offered the suggestion that even though Google's excuse that China requested the data be excluded on the grounds of national security made no sense it could just be a case that the relationship between Google and China is currently under stress given the allegations by Google earlier this year that China had hacked their core systems. As often happens when one is engaging freely with others I went on to mention that Google had recently started notifying users that their GMail account had been accessed from a Chinese IP when asked how I knew about that I explained I had received such notification earlier that day.

The point of the article which was then published was to raise awareness of these issues as I am sure anyone will agree that to compromise private communications is a serious issue. In my case the email address was very old (over 5 years old) and was setup specifically to deal with enquiries relating to an MPAA case against me. It is accessed infrequently purely to check if anyone is trying to contact me. I do a great deal of work with the press/media as well and receiving complaints from the public about privacy issues and as that email account is associated with my real name online (from when it was initially setup) it is important I check it every now again. It is currently not used for any other purpose.

I get quite angry when I see people on forums or comment systems who criticise advocates they know nothing about nor their motives. We work very hard and many of us for free with no personal agenda or benefits - we give up our lives defending the liberties you rely on in yours. More often than not these same critics have never lifted a finger nor spent any of their time engaging in such work, so they are not really in a position to criticise those of us who do.

That is OK though, we don't do the work for thanks or compliments, we do it for the benefit of society and future generations - but it would be nice if critics would actually base their discourse on some evidentiary basis instead of just opening their mouths without considering how their words might impact those of us doing this important work. I am pretty sure if your Human Rights were compromised in a way which caused you significant distress or damage you would expect someone to fight your corner for you and provide you with resources and support to overcome the issue - perhaps you should consider this before being so quick to criticise in the future.

Re:Well-known privacy activist (1)

guyminuslife (1349809) | more than 3 years ago | (#33699936)

It was a joke, maybe one that misfired. If you really are the person in question, I'd like to say "thank you" for your efforts.

Happened to me... (1)

The MAZZTer (911996) | more than 3 years ago | (#33699338)

A couple months ago, out of the blue. I changed my password of course

Re:Happened to me... (0)

Anonymous Coward | more than 3 years ago | (#33699458)

Same thing here. I'm assuming it was a random attack, since I have no Chinese connection (Never been there, don't know anyone there, not a vocal enemy of China, etc).

Insensitive Clods (4, Funny)

srussia (884021) | more than 3 years ago | (#33699372)

I use a Chinese proxy server!

Another statistic here.... (1)

macraig (621737) | more than 3 years ago | (#33699376)

I was one such victim, but for me the hijacking occurred about two months ago. Lucky for me it wasn't used to send millions of malware-laden spam messages; only several dozen messages were sent (all in Chinese), and it didn't look like any attempt was made to filch information from my archives. Google did warn me at the time, and there have been no obvious consequences since I regained control of the account.

Hypocrites (2, Insightful)

guspasho (941623) | more than 3 years ago | (#33699400)

I'm not worried about China, I'm worried about my own government spying on me with Google's cooperation.

Re:Hypocrites (-1, Troll)

Darkness404 (1287218) | more than 3 years ago | (#33699524)

Oh don't point out that that could happen, otherwise you get modded as a troll.

Re:Hypocrites (1)

onefriedrice (1171917) | more than 3 years ago | (#33700068)

Oh don't point out that that could happen, otherwise you get modded as a troll.

Wrong. On the contrary, anti-U.S. government comments usually get some level of Insightful, and this time is no exception.

Re:Hypocrites (0)

Anonymous Coward | more than 3 years ago | (#33700706)

You do realize that Google is the only one actually willing to fight for you [bbc.co.uk] against the government, right?

People in glass houses (2, Insightful)

Darkman, Walkin Dude (707389) | more than 3 years ago | (#33699430)

Parsing your data for profit, et cetera...

Or is that okay in free market halfassery?

Spams (0)

Anonymous Coward | more than 3 years ago | (#33699440)

I've been receiving a lot of spam from some chinese servers for the last 3 weeks. I don't remember giving my email to anyone but collegues, is this related?

No apparent pattern. (1)

meerling (1487879) | more than 3 years ago | (#33699480)

Maybe because they added a lot of random targets to disguise the real target(s). I'd definitely do more than 100 distractions attacks per real attack just to confuse my opponents.

Unplug China (0)

Anonymous Coward | more than 3 years ago | (#33699508)

Why do we even need them on the internet?

Sum-yung-gai (0, Offtopic)

oldhack (1037484) | more than 3 years ago | (#33699556)

Not my cup of tee. General's chicken needs more garlic.

Send more dandan noodle.

G should support FireGPG-like product (1)

astrashe (7452) | more than 3 years ago | (#33699568)

There's a really easy way google can mitigate a lot of these problems. They could cooperate a little bit with someone who wants to make a firefox plugin that would encrypt people's email.

I know that goes against their business model, which lets them use people's emails to tailor search results and target ads. And it would probably piss off a number of governments. But in reality, almost no one would actually take the trouble to encrypt their mail, and it would allow people who really needed the privacy to take care of themselves.

It's such an easy, simple solution. I wish they'd consider it.

Re:G should support FireGPG-like product (5, Insightful)

andymadigan (792996) | more than 3 years ago | (#33699766)

I fail to see how this would help at all. Part of the problem with someone gaining access to your e-mail account is that it can be used to gain access to all of your accounts. The other problem is that it can be used to send spam/viruses. Neither of those would be fixed by encryption. If you want encrypted e-mail, use servers under your control.

How many non-CN gmail users ever use Gmail in CN? (2, Insightful)

Anonymous Coward | more than 3 years ago | (#33699584)

I don't ever expect to use my Gmail from China.

I very rarely use my Gmail from anywhere outside the US.

I'd like to block ALL COUNTRIES from my Gmail, except the US. Then when I travel, I can add the country I am going to visit - for as long as I'm there.

Ideally, this function could tie in to my World Mate app on the BlackBerry - it knows when I am out of the country or not.

Re:How many non-CN gmail users ever use Gmail in C (2, Interesting)

MarcoAtWork (28889) | more than 3 years ago | (#33700534)

not only all countries but my own, I would like to be able to whitelist to

- my work IP
- my home internet provider

and that's it, if I travel I can always stop restrictions temporarily, but there should be no reason why any location but the two above should be able to access my email account on a regular basis.

If Google wanted to make things simpler for users, you could also have the option to restrict by geolocation, given how good it is nowadays it should be trivial to say 'allow connections only from this city'

It's their own fault (1)

93 Escort Wagon (326346) | more than 3 years ago | (#33699594)

When those anti-government activists use easy-to-guess passwords like "FreeTibet" and "FalunGong4evah", of course their Google accounts are going to get hacked...

Re:It's their own fault (0)

Anonymous Coward | more than 3 years ago | (#33700018)

The password on the account was a 9 character random and mixed case alphanumeric string which would have required brute forcing and would not be vulnerable to a dictionary attack.

WoW Account phishing (1)

Fippy Darkpaw (1269608) | more than 3 years ago | (#33699656)

About 50% of the spam I get is WoW and other MMOG account phishing. Apparently lots of people use the same WoW account pw as for their gmail account since you see "i got hacked" posts in the forums every day. Blizzard then made the brilliant move of making your WoW account username your email address.

Facebook does the same (1)

alex67500 (1609333) | more than 3 years ago | (#33699694)

There's a Facebook option whereby you get an email sent to you when someone accesses your account on a PC that hasn't been used for that before. I thought it was cool also.

But GMail has had the "active sessions" and "last activity on this account" options for a while, so I guess it's only working on a behaviour pattern and warning people when that pattern changes.

Pretty Good Privacy? (2, Informative)

janwedekind (778872) | more than 3 years ago | (#33699698)

There are GPG plugins for most e-mail clients. E.g. there's Enigmail for Thunderbird. People just need to use them.

Re:Pretty Good Privacy? (1)

CSMatt (1175471) | more than 3 years ago | (#33700336)

Yeah. Let me know when their use is simple enough for 95% of the populace to handle, and when Webmail access that is independent of the browser/computer they are using and isn't implemented at the ISP level is possible.

It's not so simple and clean-cut as you make it sound. If it's an extreme hassle to remain secure and/or private then most people won't bother until it becomes easier. And even then you have to get them to care without sounding paranoid.

hmmm... (1)

meeotch (524339) | more than 3 years ago | (#33699942)

a red banner reading 'Your account was recently accessed from China,'

I wonder if that's at all irritating to users living in places like, you know - China.

Re:hmmm... (0)

Anonymous Coward | more than 3 years ago | (#33700160)

irritating? Gmail users are immune to that.

Next Slashdot Poll (1)

KingTank (631646) | more than 3 years ago | (#33700128)

I think I know what the next Slashdot poll will be...

Client certificates (1)

mr exploiter (1452969) | more than 3 years ago | (#33700130)

This is a good reason for google to start supporting client identification through SSL certificates.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...