Google outs state-sponsored cyberespionage (again)

Google has begun notifying individual Gmail account-holders that they may be the targets of “state-sponsored” attacks.

Google doesn’t say how it knows that particular accounts have been targeted, or even which “state” is sponsoring the attacks. But here’s my guess. Computer security experts have learned a lot from analyzing the most pervasive attacks. The attackers are based in China, search for items that fit Chinese government intelligence priorities, and work Chinese government hours. They also use a predictable set of tactics to break into their targets’ machines, including spear-phishing with malware.

That predictability makes attribution a lot easier. It also means that, once a particular spear-phishing campaign is identified, email providers can block any malware that hasn’t been delivered.

What email providers haven’t done up to now is use the attackers’ predictability to tell account-holders what the security experts already know — that particular attacks are state-sponsored. This is obviously important information. It’s one thing to know that some Nigerian fraudster is targeting me for cyberfraud. It’s quite another thing to know that a large authoritarian government has me in its sights.

What I like about this tactic is not just that it will alert many people in a very personal way to the threat they’re under. Even better is the incentive system it creates for foreign governments engaged in widespread hacking.

Google is telling those governments, “You can try to spearphish our customers. But if we catch you, we’ll alert your targets, almost certainly making them harder to compromise. So every attack on Gmail makes your cyberespionage campaign less likely to succeed.”

It’s a little like a landowner who tells hunters, “Trespass on my land and I’ll follow you the rest of the day blowing a trumpet.”

Hmm. Maybe deterrence can work in cyberspace.

PHOTO credit: Celeste Hutchins