Today, Google announced that it will notify a subset of its Gmail customers if they're the victim of a State-sponsored attack. The actual wording is "Warning. We believe that state-sponsored attackers may be attempting to compromise your account or computer." However as you read further down Google's blog posting, it seems like an actual attack isn't required to receive this warning. Google may send it to you if they believe that you "may" be targeted.
There are so many things wrong with this new Google initiative that I hardly know where to begin.
First, it generates fear on the part of Google's customers because regardless of the fine print, such a warning will most likely send the recipient into panic mode when there's no reason to panic.
Second, it makes a claim which upon investigation is so vague that it's meaningless. You may be the victim of a state or someone working on a state's behalf? That's pretty much the case for all targeted attacks.
Third, if you are a target of interest for a foreign intelligence service (FIS), one of the first things you should do is STOP USING GMAIL or any popular cloud-based service that cannot guarantee you where in the world on its many data farms your data resides. If the Mossad, the FSB, the MSS, or the NSA is interested in you, they'll find a way to legally and covertly intercept your data without sending a spear phishing email to your Gmail account.
Spear phishing attacks are used by both financial cyber criminals as well as hacker crews who, having cracked a high value target's account, will sell that information to a FIS, a corporate competitor, or some other customer. Security advice for a high value target (which is what my firm specializes in) could range from moderately to highly restrictive depending on who you are but one thing's for sure. None of Google's recommendations will keep you safe if you're in that group.
On the other hand, if you aren't a HVT, read my article "Cyber Self Defense for Non Geeks" to understand what your best security options are. The bottom line as far as Google's advice is concerned is that it's FUD-inducing for the people who aren't targets and its insufficient for those who are. I have to wonder what Google was thinking when it created this awful program.
Add to Cart
If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware ....The warning then makes recommendations that you increase your security by selecting a strong password, using Google's two-step verification, updating your browser, etc.
There are so many things wrong with this new Google initiative that I hardly know where to begin.
First, it generates fear on the part of Google's customers because regardless of the fine print, such a warning will most likely send the recipient into panic mode when there's no reason to panic.
Second, it makes a claim which upon investigation is so vague that it's meaningless. You may be the victim of a state or someone working on a state's behalf? That's pretty much the case for all targeted attacks.
Third, if you are a target of interest for a foreign intelligence service (FIS), one of the first things you should do is STOP USING GMAIL or any popular cloud-based service that cannot guarantee you where in the world on its many data farms your data resides. If the Mossad, the FSB, the MSS, or the NSA is interested in you, they'll find a way to legally and covertly intercept your data without sending a spear phishing email to your Gmail account.
Spear phishing attacks are used by both financial cyber criminals as well as hacker crews who, having cracked a high value target's account, will sell that information to a FIS, a corporate competitor, or some other customer. Security advice for a high value target (which is what my firm specializes in) could range from moderately to highly restrictive depending on who you are but one thing's for sure. None of Google's recommendations will keep you safe if you're in that group.
On the other hand, if you aren't a HVT, read my article "Cyber Self Defense for Non Geeks" to understand what your best security options are. The bottom line as far as Google's advice is concerned is that it's FUD-inducing for the people who aren't targets and its insufficient for those who are. I have to wonder what Google was thinking when it created this awful program.
0 komentar:
Posting Komentar