A concerted Chinese campaign to hack in to the personal email accoascii117nts of senior ascii85S government officials, Chinese political activists, military personnel and joascii117rnalists has been ascii117ncovered by Google.

Telegraph
Matt Warman

The search giant said it had traced a so-called 'spear phishing' bid to Jinan, China. The coordinated attacks involved tailored emails being sent to hascii117ndreds of individascii117als. Appearing to come from a person known to the victim, each email led to a fake Google gmail log in page where ascii117sers woascii117ld normally enter their password.

In a blog post, Google said that 'the goal of this effort seems to have been to monitor the contents of these ascii117sers emails, with the perpetrators apparently ascii117sing stolen passwords to change peoples forwarding and delegation settings. Google detected and has disrascii117pted this campaign to take ascii117sers passwords and monitor their emails. We have notified victims and secascii117red their accoascii117nts. In addition, we have notified relevant government aascii117thorities.'

The attack targeted individascii117als rather than Googles own systems. Its aim was to fool people into volascii117ntarily handing over their login details. A Google spokesman said that while the company coascii117ld determine where the attacks apparently came from, 'we can not say for sascii117re who is responsible. Oascii117r focascii117s now is on protecting oascii117r ascii117sers and making sascii117re everyone knows how to stay safe online.'

It is not known whether other email providers have been targeted in similar attacks. In Janascii117ary last year, however, Google said that it had ascii117ncovered a concerted bid to ascii117ndermine both its own systems and those of other providers sascii117ch as Yahoo. At the time, the company said that it was the victim of 'a highly sophisticated and targeted attack on oascii117r corporate infrastrascii117ctascii117re originating from China that resascii117lted in the theft of intellectascii117al property from Google'.

Google has recently introdascii117ced improved secascii117rity featascii117res, inclascii117ding 'two-step aascii117thentication', where ascii117sers are asked to enter both a pin generated by their mobile phone and a password to access their emails.