Once again Google is making headlines as they clash with another country over usage constraints. The internet giant got word last month of Kazakhstan’s attempts to reroute all Google domains there to servers located within the country. Google raised them one by suspending their Kazakh domain google.kz and rerouting them to google.com.

Typically Google’s domains in a given country will be tailor configured to increase search relevance to that country. However when users search the internet they are not limited by national boundaries so that requests can be handled in the fastest possible way. By rerouting away from Kazakhstan, Google Senior Vice President Bill Coughran writes in a blog post, “users will experience a reduction in search quality as results will no longer be customized for Kazakhstan.”

…

For full original article, see here

(Reuters) – Google has become a “political tool” vilifying the Chinese government, an official Beijing newspaper said on Monday, warning that the U.S. Internet giant’s statements about hacking attacks traced to China could hurt its business.

The tough warning appeared in the overseas edition of the People’s Daily, the leading newspaper of China’s ruling Communist Party, indicating that political tensions between the United States and China over Internet security could linger.

Last week, Google said it had broken up an effort to steal the passwords of hundreds of Google email account holders, including U.S. government officials, Chinese human rights advocates and journalists. It said the attacks appeared to come from China.

The Chinese Foreign Ministry rejected those accusations, and the party newspaper warned Google against playing a risky political game.

By saying that Chinese human rights activists were among the targets of the hacking, Google was “deliberately pandering to negative Western perceptions of China, and strongly hinting that the hacking attacks were the work of the Chinese government,” the People’s Daily overseas edition, a small offshoot of the main domestic paper, said in a front-page commentary.

“Google’s accusations aimed at China are spurious, have ulterior motives, and bear malign intentions,” said the commentary, written by an editor at the paper.

“Google should not become overly embroiled in international political struggle, playing the role of a tool for political contention,” the paper added.

“For when the international winds shift direction, it may become sacrificed to politics and will be spurned by the marketplace,” it said, without specifying how Google’s business could be hurt.

A Google spokeswoman said the U.S. firm had no comment on the remarks.

The latest friction with Google could bring Internet policy back to the foreground of U.S.-China relations, reprising tensions last year when the Obama administration took up Google’s complaints about hacking and censorship from China.

Google partly pulled out of China after that dispute. Since then, it has lost more share to rival Baidu Inc in China’s Internet market, the world’s largest by user numbers with more than 450 million users.

Google said last week that the hacking attacks appeared to come from Jinan, the capital of China’s eastern Shandong province and home to an intelligence unit of the People’s Liberation Army.

U.S. Defense Secretary Robert Gates over the weekend warned that Washington was prepared to use force against cyber-attacks it considered acts of war.

In February, overseas Chinese websites, inspired by anti-authoritarian uprisings across the Arab world, called for protests across China, raising Beijing’s alarm about dissent and prompting tightened censorship of the Internet.

China already blocks major foreign social websites such as Facebook and Twitter.

Chinese cyberspies, who targeted the personal Gmail accounts of top U.S. officials, are trying to gain access to computers belonging to China specialists and defense contractors who circulate in and out of the U.S. government and talk regularly with those in power, according to security experts who have tracked these schemes.

Chinese cyberspies have for years been trying to gain access to sensitive U.S. computers. This week, Google disclosed an infiltration into personal Gmail accounts of senior U.S. officials. WSJ’s Intelligence Correspondent Siobhan Gorman reports.

The stealth infiltration campaign, similar in tactics to the Gmail scheme that Google Inc. disclosed last week, represents cyberspies’ efforts to circumvent the high security walls on official government email accounts.

Such targeted “phishing” expeditions involved sending booby-trapped emails to people who have information a hacker is seeking. The emails typically appear to have been sent by a trusted colleague and ask the recipient to open an attachment. When that is done, a malicious software program is placed on the computer that could perform multiple functions, such as tracking all keystrokes or providing full access to an organization’s computer network. They frequently are used to obtain access to passwords and private correspondence.

Their occurrence has spiked in the past few months, security experts say. Kevin Mandia, CEO of the security firm Mandiant, said his firm saw four to five times the average number of attacks from China in April. “It was a huge uptick,” he said.

The attacks have been traced to China, but that doesn’t necessarily mean they are directly ordered by the government. Spokesman Wang Baodong for the Chinese Embassy in Washington denied any government involvement in such cyberspying schemes. “As a responsible player in cyberspace, China strongly opposes unlawful online activities and supports international cooperation in striking down on such misdeeds,” he said. “Any claims of so-called Chinese state support for hacking are completely fictitious, and blaming misdeeds on China is irresponsible and unacceptable.”

Targeting people on the periphery of power is more likely to pay off because their computer systems are often less protected than the U.S. government, and these individuals frequently discuss sensitive issues with those in government. That was likely why the Google infiltrators targeted the personal emails of government officials.

“It’s a routine occurrence now because think tanks are soft targets and you get good data,” said James Lewis, a former State Department official and current cybersecurity specialist at the Center for Strategic and International Studies who has advised the Obama administration on cybersecurity policy. He said he was the target of a combined telephone and phishing attempt in 2010. “I just assume that all our communications are insecure.”

James Mulvenon, a China and cyber-security expert, has been tracking a four-year phishing campaign against China specialists in Washington. He’s logged more than 100 rounds of attacks against 30-40 China specialists, many of whom have rotated in and out of government.

“I was struck by the breadth of it,” he said. “They had targeted huge numbers of China specialists all over D.C.,” both former government officials and those about to take federal jobs. “They want to find people who have access.”

The goal of this campaign in Washington appears to be to gather information from individuals who communicate with U.S. officials about China matters, Mr. Mulvenon said.If cyberspies gather sensitive but unclassified data from Washington research institutions and a smattering of U.S. officials, he said, “you get a pretty good picture of what’s going on in Washington as it relates to China.”

The New Battleground

The campaign attempts to trick China specialists into opening attachments that would provide hackers access to their computers. In the beginning, Mr. Mulvenon said, the emails were easily identifiable as fraudulent. They contained lots of spelling errors and odd wording choices that would make more sense in Chinese than American English.

But the recent ones appear to come from people the target would know and contain text that plausibly could have been written by the alleged sender of the email, he said. The topics range from meeting agendas and the Olympics to President Barack Obama’s trip to China and conference invitations.

One such email in November 2009 purported to come from Dennis Wilder, a former Asia specialist on the National Security Council in the George W. Bush administration who was at the Brookings Institution at the time.

The email discussed a recent press briefing by the Chinese ambassador on climate change, and it contained an attachment concealing a virus that claimed to be a transcript of the press briefing. Mr. Wilder hasn’t owned a Gmail account.

Another well-crafted phishing scheme duped a group of defense contractors. In 2008, one Defense Department agency held a conference, and then posted some of the presentation materials online, including the names and email addresses of the 50 or so attendees.

Soon after, the attendees, mostly defense contractors, received emails that purported to be from one of the presenters at the conference and included an attachment that claimed to be his presentation materials, according to a person familiar with the incident.

A majority of the conference attendees opened the attachment, which downloaded on to their computer malware that provided “unfettered access” to their computer, this person said. “There was widespread success by the bad guys.” A subsequent investigation tracked the perpetrator back to a Chinese hacking group.

“They’re still doing the exact same thing” today, the person familiar with the incident said of the hacking group.

China has rejected allegations of involvement in a cyber-spying campaign targeting the Google e-mail accounts of top US officials, military personnel and journalists.

A foreign ministry spokesman said it was “unacceptable” to blame China.

Google has not blamed the Chinese government directly, but says the hacking campaign originated in Jinan.

The US company said its security was not breached but indicated individuals’ passwords were obtained through fraud.

Google said Chinese political activists and officials in other Asian countries were also targeted from the Shandong city, which is 400 km (250 miles) south of Beijing.

The White House said it was investigating the reports but did not believe official US government e-mail accounts had been breached.

Safety tips
It is extremely difficult for analysts to determine whether governments or individuals are responsible for such attacks, says the BBC’s Adam Brookes in Washington.

But the fact that the victims were people with access to sensitive – even secret – information raises the possibility that this was cyber-espionage rather than cyber-crime, adds our correspondent.

However, Chinese foreign ministry spokesman Hong Lei told a news briefing: “Blaming these misdeeds on China is unacceptable.

“Hacking is an international problem and China is also a victim. The claims of so-called support for hacking are completely unfounded and have ulterior motives.”

On Wednesday, Google said it had “detected and has disrupted” a campaign to take users’ passwords and monitor their emails.

“We have notified victims and secured their accounts,” said the company. “In addition, we have notified relevant government authorities.”

The e-mail scam uses a practice known as “spear phishing” in which specific e-mail users are tricked into divulging their login credentials to a web page that resembles Google’s Gmail web service (or which appears related to the target’s work) but is in fact run by hackers.

Having obtained the user’s e-mail login and password, the hackers then tell Gmail’s service to forward incoming e-mail to another account set up by the hacker.

In an advisory message released on Wednesday, Google recommends several steps for users to take to improve the security of Google products:

Enable two-step verification, such as using a mobile phone to which Google sends a second password to enter on sign-in

Use a strong password (mix of letters and numbers, avoiding family names, birth dates etc) for Google that you do not use elsewhere. Here’s a video to help.

Enter your password only into a proper sign-in prompt on a https://www.google.com domain.

Check your Gmail settings for suspicious forwarding addresses or delegated accounts

Hackers in China have compromised personal e-mail accounts of hundreds of top US officials, military personnel and journalists, Google has said.

The US company said a campaign to obtain passwords originated in Jinan and was aimed at monitoring e-mail.

Google said its security was not breached but indicated individuals’ passwords were obtained through fraud.

Chinese political activists and officials in other Asian countries were also targeted, Google said.

“Google detected and has disrupted this campaign to take users’ passwords and monitor their emails,” the company said on Wednesday.

“We have notified victims and secured their accounts. In addition, we have notified relevant government authorities.”

In Washington, the White House said it was investigating the reports but did not believe official US government e-mail accounts had been breached.

The e-mail scam uses a practice known as “spear phishing” in which specific e-mail users are tricked into divulging their login credentials to a web page that resembles Google’s Gmail web service (or which appears related to the target’s work) but is in fact run by hackers, according to a technical report released by Google.

Having obtained the user’s e-mail login and password, the hackers then tell Gmail’s service to forward incoming e-mail to another account set up by the hacker.

In Washington, the BBC’s Adam Brookes says it is extremely difficult for analysts to determine whether governments or individuals are responsible for such attacks.

But the fact that the victims were people with access to sensitive, even secret information, raises the possibility that this was cyber espionage, not cyber crime, our correspondent says.

On Monday, it was reported that a documentary series airing on Cuba’s state TV accused prominent dissident bloggers of taking part in a “cyber war” launched by the United States to destabilize Castro’s regime. An engineer from the Ministry of Information and pro-government bloggers accuse the United States of launching a counter-revolution in Cuba through “cyber-dissident proxies.” On the other hand, dissidents in Cuba accuse the government of demonizing the Internet in light of the role of online technologies in revolutions. In this video, Cuban dissidents argue that the regime “is nervous because social networks like Twitter and Facebook can play the same role in Cuba they did in Egypt and Tunisia.” (For documentation and analysis of the role of the Net in uprisings across the Middle East and North Africa, check out the OpenNet Initiative’s MENA Watch).

Another country that has demonstrated a concern over mass uprisings is China. Calls for a Jasmine Revolution amid uprisings across MENA has led to an increase in Web censorship. For instance, amid the Egyptian uprising, the country’s biggest Web portals—sina.com and netease.com—were found to be blocking the word “Egypt” in keyword searches.

Against this backdrop, Chinese customers and advertisers have increasingly been complaining about their Gmail service in the past month. Attempts by users to send messages, mark messages as unread and use other services have generated problems for Gmail customers. A spokesperson said that, “Relating to Google there is no issue on our side. We have checked extensively. This is a government blockage carefully designed to look like the problem is with Gmail.” Last week, Google announced that it had noticed “highly targeted and apparently political motivated attacks” against activists. China has denied the allegations.

While China is suspected of tampering with Google’s e-mail service, it has been reported that Microsoft Hotmail is blocking users in all Arab countries from using HTTPS. The HTTPS error screenshot can be seen here.

The biggest news this week has been the attack on the Internet security firm, the Comodo Group. Comodo issues digital certificates, which are encrypted files that tell a user’s Web browser that it is connecting to a real authentic Web site securely. It was announced that Comodo’s European affiliate had issued nine fraudulent certificates to Mozilla, Global Trustee, Gmail, Google, Skype, Yahoo and Windows Live. Comodo’s incident report can be found here.

This blogpost by Christopher Parsons as well as Mikko Hypponen’s (chief research officer at F-Secure) blog explains the threats posed by fraudulent security certificates.

According to the New York Times, the attack appears to be a part of a larger state-sponsored plan to eavesdrop on encrypted communications. Quoting Mikko Hypponen (chief research officer at F-Secure) the New York Times notes that with these certificates, attackers can “set up server computers that would appear to work for the targeted Web sites. A government that controls Internet traffic inside its country would be able to use such a server to gain access to encrypted e-mail and chat conversations and collect user names and passwords for individuals’ accounts. Further, the New York Times also notes that certificate theft have become a tactic of governments, as in the case of the Stuxnet worm which used stolen certificates.

Two of the IP addresses of computers used in the attack were assigned to Iranian ISPs. However, attribution is difficult to make, and as a Comodo blogpost points out, “this may be the result of an attacker attempting to lay a false trail.” Comodo nonetheless added that, “It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups. The attack comes at a time when many countries in North Africa and the Gulf region are facing popular protests and many commentators have identified the Internet and in particular social networking sites as a major organizing tool for the protests.”

However, a lone Iranian hacker has claimed responsibility for the attack in posts on pastebin (statement here; decompiled code here; and account database here). Whether this is the case has been contested (the arguments are covered in this Computer World article). However, in his blogpost, Robert Graham of Erratta Security stated that: “As a pentester who does attacks similar to what the ComodoHacker did, I find it credible. I find it probable that (1) this is the guy, (2) he acted alone, (3) he is Iranian, (4) he’s patriotic but not political.” Graham also argues that there is very little evidence of attribution to the Iranian government.

Finally, the European Union spotted a cyberattack against its officials and diplomatic services. Little details have been revealed, however, a spokesperson has stated that the threat on the EU’s computer system is being taken very seriously due to the targeted nature of the attack.

Russian Prime Minister Vladimir Putin’s deputy blamed Google, the company behind the world’s number one Internet search engine, for stirring up trouble in the revolution that ousted Egyptian leader Hosni Mubarak.

“Look what they have done in Egypt, those highly-placed managers of Google, what manipulations of the energy of the people took place there,” Russian Deputy Prime Minister Igor Sechin told the Wall Street Journal in an interview published today (22 February).

The strength of the comments from one of Putin’s most trusted deputies is a clear signal of growing concern among Russian hardliners about the role played the Internet in the unrest which has swept across the Arab world, Reuters commented.

In fact, Sechin was asked by the WSJ’s Gregory White what he thought was needed for Russia to change in order to become more attractive to foreign investors.

He replied by saying that over the past 25 years everything had changed in Russia and that the country enjoyed one of the highest degrees of political stability in the world.

But White countered: “[Ousted Egyptian President Hosni] Mubarak probably said the same thing.”

This is not the first time that the ‘domino revolutions’ across the Arab world have been seen impacting upon Russia.

Speaking in the European Parliament recently, prominent Russian opposition leader Mikhail Kasyanov said that if his country’s citizens were denied the possibility of holding free and fair elections next December, the alternative would be “a revolution, not with camels like in Egypt, but with pistols and sticks”.

Mikhail Kasyanov, a former Russian prime minister (2000-2004) who is now leader of the Russian People’s Democratic Union (RNDS), a recently-established party, called on the EU to stay alert not only on election day but throughout political developments leading up to the elections.

Internet services to Libya are patchy after an outage over the weekend, according to a Google traffic report.

The Google Transparency Report, which gauges traffic to services such as Google Search and Google News, shows periods of zero activity overnight on 19 and 20 February, in contrast to previous traffic patterns.

Libya is caught up in violence surrounding protests against the government of Muammar Gaddafi, with over 60 people killed in Tripoli on Monday alone, according to Al Jazeera.

The country went completely offline on Friday night, according to internet monitoring company Renesys. The company said that Libya may be mimicking Egypt, which instructed many ISPs to halt the flow of internet traffic during protests which eventually deposed president Hosni Mubarak. Protesters in Egypt were using internet tools such as Facebook and Twitter to communicate.

At 23:18 GMT on Friday, 13 globally routed Libyan network prefixes were withdrawn, said Renesys in its blog post.

“We wondered whether anyone would repeat Egypt’s strategy,” said Renesys. “Tonight, it appears that we have our answer.”

At 6.01 GMT Saturday morning, two thirds of Libya came back onto the internet, said an update to the blog post, with the rest following nine minutes later. Comments on the Renesys post said that in some areas of Libya, including in the Benghazi region, there is no internet access.

Security company Arbor Networks noted that Bahrain, which has had protests against the incumbent government, also experienced reduced traffic flow between 14 and 16 February.

A wave of protests, beginning in Tunisia with the self-immolation of protester Mohamed Bouazizi in January, have spread over North Africa and the Middle East. Egypt, Bahrain and Libya have experienced reduced or non-existent traffic, with Egypt internet access restored last week, said Arbor Networks.

KOLKATA: Google Inc will not share the encryption keys of its email service with Indian security agencies as it would compromise the privacy rights of millions of Gmail users worldwide, a top company executive said.

The Union home ministry, intelligence agencies and the telecom department are collectively exploring mandatory sharing of software by all communication service companies in India, a sensitive issue with global firms. Some firms have already been asked to comply and Canada’s Research In Motion (RIM) is edging closer to January 31, 2011, deadline to hand over the encryption keys for its popular BlackBerry messaging services to intelligence agencies.

Google India products chief Vinay Goel said even if the Indian government requested, it would be impossible to offer real-time access since the Gmail service is governed by US laws. “When users entrust their data with us, we are expected to protect it, which is why, user privacy is very important for Google,” he said.

The Union home ministry or telecom ministry has not asked Google to share the encryption keys for Gmail, but even if the USbased internet search engine giant received such a request, it will be impossible to offer real-time access to Gmail communication, Goel said.

“But we are not advocating non-compliance and are definitely open to offering the Indian government access to encrypted Gmail communication in the event of a large-scale risk to human life and property,” he said. Indian authorities are seeking control over communication systems for internal security as intelligence agencies do not have the technical resources to intercept communication services and data transfers on the internet, especially when encryption levels exceed a certain threshold.

The government had two years ago asked all internet service providers in the country to lower encryption levels to better monitor communication systems in the country. Services on low encryption levels are to blame for country’s dismal internet penetration, say internet experts.

According to a newly released report by Barracuda Labs, based on a two-month study reviewing more than 25,000 trending topics and 5.5 million search results, Google remains the most popular search engine used by malicious attackers, relying on poisoned keywords.

The company, which also sampled Yahoo Search, Bing, and Twitter, contributes Google’s leading position to the fact that Google remains the market share leader in online search, and consequently the most targeted search engine.

Key highlights of the study:

* Overall, Google takes the crown for malware distribution – turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed. Google presents at 69 percent; Yahoo! at 18 percent; Bing at 12 percent; and Twitter at one percent.
* The average amount of time for a trending topic to appear on one of the major search engines after appearing on Twitter varies tremendously: 1.2 days for Google, 4.3 days for Bing, and 4.8 days for Yahoo!
* Over half of the malware found was between the hours of 4:00 a.m. and 10:00 a.m. GMT. The top 10 terms used by malware distributors include the name of a NFL player, three actresses, a Playboy Playmate and a college student who faked his way into Harvard.

Interestingly, based on the data gathered, the most popular topic of choice for cybercriminals were spyware related searches, followed by entertainment news, with hosting sites, P2P and proxies related searches showing a significant growth. What’s worth highlighting while interpreting the data, is that it’s only valid for a specific period of time. How come? Controversial to the common misunderstanding that cybercriminals are picky about popular search terms, what they do is automatically syndicate the Web’s buzz for their malicious purposes.

Poisoned search engine results have been an active tactic in the arsenal of the cybercriminal for several years. The practice, known as blackhat SEO (search engine optimization) is now the primary source for hijacked legitimate traffic, which in a combination with the automatic compromising of hundreds of thousands of legitimate sites, exposes end users to everything a cybercriminal has to offer.

Go through related posts:

* Cybercriminals syndicating Google Trends keywords to serve malware
* Federal forms themed blackhat SEO campaign serving scareware
* 9/11 related keywords hijacked to serve scareware
* Haiti earthquake themed blackhat SEO campaigns serving scareware
* The ultimate guide to scareware protection

Although, Google’s aware of the situation, and is catching up pretty fast, cybercriminals remain ahead of the game, doing nothing else but playing by the SEO book. For instance, in a report released by Google in April, the company found out that scareware accounted for 15% of all malware, and that scareware represented 50% of the malware delivered through malvertising. The thing evasive practice that cybercriminals took advantage of to achieve these results, is by checking for the correct HTTP referrer.

Poisoned search engines are the inevitable result of the real-time Web, allowing cybercriminals to take advantage of the same tools and tactics, that legitimate marketers do. But being the market leader in online search, means that in 2010 your crawlers shouldn’t be that easily tricked into loading the legitimate content, with the malicious one served to the average Internet user.

What do you think? Is Google doing enough to protect its users from poisoned search engine results? Most importantly, can Google protect the end user from himself at the end of the day? Would the current situation have been any different if, for instance, Bing or Yahoo was the market share leader in online search?

http://www.zdnet.com/blog/security/google-tops-comparative-review-of-malicious-search-results/7009