The recent ‘spear phishing’ attack on Google’s email platform, targeting hundreds of user accounts, has ended up in a political drama! The phishing email consisted of a well-crafted message that lured users to a login page similar to Google’s Gmail login portal. Google claimed that it had traced the source of these attacks and that the evidence points to the capital of Shandong Province on China’s east coast. The Chinese foreign ministry rejected these claims and said that such statements are unacceptable and that there must be a hidden agenda behind all this.
It is inappropriate to repeat the whole story here, as there are many versions out there with enough details, but I would like to share a thought with you. From a technical perspective, I am convinced that Google has all the tools and expertise to decipher the source of such attacks, and if their evidence shows that the perpetrators originated from a Chinese source, then I would rely on Google’s integrity and believe such claims. However, many bloggers and users on the Web concluded that the source is a Chinese individual or entity! Let’s for a moment assume that certain countries or entities have become known for supporting hacking activities: wouldn’t an astute western hacker launch the attacks from such sources so as to divert evidence?
The ideal scenario would be the following: a reputable entity such as Google would forward the evidence collected by its experts to a collaborating body or national authority in China (the source nation) to further investigate the issue. Then, it is that nation’s responsibility to publish its findings and charge the culprit. Maybe we are heading in this direction, as more and more nations are participating in international cyber-attack exercises using their security response teams and national authorities.