Google (Nasdaq: GOOG) has started sending warnings to users of its e-mail service who may have been targeted by state-sponsored cyber-attacks.

Eric Grosse, vice president of Security Engineering at Google, posted news about the warnings in a Google blog on Tuesday.

“You might ask how we know this activity is state-sponsored,” he wrote. “We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.”

Google is monitoring for such attacks, Grosse explained.

“We are constantly on the lookout for malicious activity on our systems, in particular attempts by third parties to log into users’ accounts unauthorized,” he wrote. “When we have specific intelligence—either directly from users or from our own monitoring efforts—we show clear warning signs and put in place extra roadblocks to thwart these bad actors.

“Today, we’re taking that a step further for a subset of our users, who we believe may be the target of state-sponsored attacks.”

The new warning is posted with this story as a graphic.


“If you see this warning it does not necessarily mean that your account has been hijacked,” Grosse added. “It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account.”

Preventative Steps 

Grosse then posted some tips:

  • Create a unique password that has a good mix of capital and lowercase letters, as well punctuation marks and numbers
  • Enable 2-step verification as additional security
  • Update your browser, operating system, plugins, and document editors

“Attackers often send links to fake sign-in pages to try to steal your password, so be careful about where you sign in to Google and look for in your browser bar.,” he added.

“These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.”

The alerts are directed at specific Gmail users, some of whom can be identified by the company’s algorithms. Google also collects reports from hacking victims and receives other, unspecified intelligence regarding targets of espionage attempts. Google has used notifications in the past to inform users of malicious “botnet” software on machines, without specifying the suspected origin.

The messages are a sign of the vast amount of data about cyberattacks that Google collects as the operator of the world’s biggest search engine and one of the biggest e-mail services. Gmail has more than 350 million active users, according to a company spokesman, Jay Nancarrow.

Google’s Limitations

The warnings are also an acknowledgement that while Google already alerts users to suspected fraudulent activity on many websites and in certain e-mails, there are limitations on its ability to block cyber-assaults.

Sophisticated attacks often take the form of personalized e-mails that aren’t caught by spam filters. The hackers often try to plant malicious software, or malware, on users’ machines to steal account passwords and other data. Targets of state- sponsored attacks can include government officials, dissidents, human-rights activists and corporate executives.

U.S. officials often cite China as a source of international attacks. Other countries are implicated as well. A report last week in the New York Times cited the U.S. and Israel as being behind the Stuxnet computer-worm attack that damaged centrifuges in an Iranian nuclear facility in 2010.

Nancarrow, the Google spokesman, declined to comment on how Google determines whether an attack is likely to have been state-sponsored.

Google said in January 2010 that the company itself was the target of “highly sophisticated” intrusions that originated in China, home to the world’s largest Internet market. Google also warned last year of an attempt to steal passwords from Gmail users, which Google said may have also originated in China.

China has denied hacking allegations and has said it too is a victim of hacking.

(Bloomberg news contributed to this report.)