Apparently it’s not unusual for Google to detect that some of its users’ accounts are under attack from “states or groups that are state-sponsored.” The attacks are so prevalent, it seems, that Google has now launched a new program that will warn users when it detects such an attack. Whenever Google now detects such that an account is under attack, it will show a warning at the top of the user’s screen, including a link to a page with additional information about how to best protect your Google account.
As Google’s VP of security engineering Eric Grosse notes in the announcement today, Google already puts up “extra roadblocks to thwart these bad actors” whenever it sees that such an attack is happening. Google, of course, doesn’t want to disclose how it knows that a specific attack is probably state-sponsored, but Grosse says that Google’s “detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.” Grosse also notes that these warnings don’t necessarily mean that an account has already been hijacked.
To secure your account (even if you don’t suspect that a rogue state might be interested in whatever you store on your Google Drive), Google recommends that you watch out for potential phishing attack and that you “create a unique password that has a good mix of capital and lowercase letters, as well punctuation marks and numbers; enable 2-step verification as additional security; and update your browser, operating system, plugins, and document editors.”
Google, has openly talked about how accounts from Chinese activists and journalists, for example, were compromised in 2011. Google also blamed China for an attack on its networks in 2010 (though it never directly accused the Chinese government of being behind these attempts to hack its systems).