When I received my first warning from Google that “state-sponsored attackers may be attempting to compromise” my Gmail account, I was relieved. It was a few days after The New York Times acknowledged that the Chinese government was attempting to hack the emails of the paper’s reporters. The Wall Street Journal and other big news outlets followed with similar disclosures. To be real, I felt left out.
Spokespeople for Google would not discuss how they know state-sponsored attackers are attempting to break into my Gmail or what state is sponsoring the attack. It’s for my own good, I was told. “In order to protect the integrity of our detection systems and the security of our users, we can’t go into detail about how the warnings are generated,” a spokeswoman for Google said.
The leading suspect, though, is China. After all, The New York Times disclosed Tuesday that a new report from Mandiant, the company that helped the paper discover the initial hacks of its reporters, had traced many recent cyber attacks to a 12-story white building on the outskirts of Shanghai that hosts Unit 61398 of the People’s Liberation Army. Apparently, Unit 61398 is the Mandarin phrase for “you should update your anti-virus software.”
Steve Chabinsky, former deputy chief of the FBI’s cyber division and now a senior executive at the cyber-security firm Crowdstrike, told me he suspects China is behind the attempts to read my Gmails. “When you are as brazen and persistent and widespread as China, your reputation precedes you,” Chabinsky said.
It is true that the Chinese appear to be hacking everybody these days. Through an operation known as “Shady Rat,” first uncovered by McAfee, the Chinese government tried to hack servers for the International Olympic Committee and the Association of South-East Asian Nations. Last year, the Chinese hacked staffers working on Asia policy for the U.S. Chamber of Commerce. In 2009, the Chinese even hacked Google in something called Operation Aurora.
The Chinese also are known for something called “spear phishing.” This is when you receive an email that appears to be from a legitimate contact, but it includes an attachment that unleashes malicious code and gives the hacker remote access to your machine.
Asked about the pink and purple Gmail banner warnings I was receiving, Chabinsky said, “A state is interested in your sources.” Get in line, I thought. But Chabinsky has a point. A good state-sponsored hacker would attempt to figure out my contacts and then trace back how I was getting my information. If a U.S. government official was on that list, the foreign government could attempt to blackmail the official. If I was Gchatting with Chinese dissidents, the state could compile evidence for a political trial.
Fortunately, I have assumed my email was vulnerable to snooping for a while now. If hackers could penetrate the servers of U.S. Central Command with a thumb drive, how am I supposed to protect my MacBook Pro? For the national-security reporter, there really is no substitute for the face-to-face meeting.
But I also wanted to be sure it was China. After all, lots of people might want to hack me. What about Iran? I wrote a piece in 2011 that was used in what appeared to be an Iranian spear phishing attack. Or perhaps Israel’s Unit 8200 was hacking my Gmail account to make me think it was Iran. My mom has been all over the Internet since she got an iPad. Could she be the hacker? She’s definitely an interested party.
So I put the question to Geng Shuang, spokesman for the Chinese Embassy in Washington. “I don’t know your specific case,” he said. “With regard to the general issue, the Chinese laws prohibit these kinds of attacks. We do what we can to prevent this. We are also the victim of these hacking attacks.”
Well, that’s reassuring. Then Geng helpfully gave me an address to email if I had any further questions, firstname.lastname@example.org. When I asked him why the embassy’s press shop would use Gmail instead of a more official account, he said, “Gmail is free and it’s convenient.”
Then I remembered Operation Aurora. Maybe the next time I have to contact the embassy I won’t even have to push send. Unit 61398 is more than capable of delivering the email for me.