February 20, 2013
Google Boasts Its GMail Network Is Safe From Cyber Crime
Michael Harper for redOrbit.com — Your Universe Online
On Monday, security firm Mandiant released a report which claims the Chinese military has a secret branch used to commit cyberattacks against the US, Canada, the UK and other English-speaking countries.The Friday before, Facebook, the world´s largest social network, announced they had been targeted by a “sophisticated attack” a month before, though no data was stolen.
It seems every company is having some sort of security breach recently, and Google has now taken the opportunity to let everyone know that they´re mostly doing a great job when it comes to protecting users´ email accounts.
According to Mike Hearn, Google security engineer, Spammers changed their approach to breaking into email accounts once Google began sending obviously spammy emails directly to the trash. This means hackers are now turning into account hijackers to appear as a real person with a real account sending a real email.
“Every day, cyber criminals break into websites to steal databases of usernames and passwords–the online “keys” to accounts. They put the databases up for sale on the black market, or use them for their own nefarious purposes,” writes Hearn.
When Gmailers use one password for multiple accounts or logins across the web (as too many people do) these leaked passwords become even more of a potential danger.
“With stolen passwords in hand, attackers attempt to break into accounts across the web and across many different services,” said Hearn.
“We´ve seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time. A different gang attempted sign-ins at a rate of more than 100 accounts per second. Other services are often more vulnerable to this type of attack, but when someone tries to log into your Google Account, our security system does more than just check that a password is correct.”
Hearn then brags on Gmail´s security settings, saying the service performs a “complex risk analysis” to determine if the proper owner of the account has signed in or if the account has been compromised.
If Gmail suspects foul play, it begins asking for some personal information, like the phone number associated with the account or one of the user´s pre-determined security questions.
“Using security measures like these,” said Hearn, “we've dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.”
While it´s good news that companies are willing to take a few extra steps to protect their users, it´s always good to take the first step towards digital safety on your own. For instance, setting up strong passwords and adding two-step verification where available (as it is with Google services) can significantly help improve your digital security. As attacks become more sophisticated and plentiful, now is a good time to review any security measures you may or may not have in place.