Google has issued a warning about state-sponsored attackers attempting to compromise user accounts.
According to a blog by Eric Grosse, vice-president of security engineering at Google, a subset of its users may be the target of state-sponsored attacks. “If you see this warning it does not necessarily mean that your account has been hijacked, it just means that we believe you may be a target of phishing or malware for example, and that you should take immediate steps to secure your account,” he said.
He would not go into detail about how it knows that this activity is state-sponsored "without giving away information that would be helpful to these bad actors", but said its detailed analysis and victim reports strongly suggest the involvement of states, or groups that are state-sponsored.
“We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information, and we will continue to update these notifications based on the latest information,” Grosse said.
It recommended using strong passwords and installing browser updates and plug-ins.
This alert followed a report by David Sanger at the New York Times that the United States and Israel were behind the Stuxnet virus. Anonymous sources who reportedly worked on the project, which was dubbed Olympic Games, were quoted in the article as saying that the National Security Agency, working with Unit 8200, a part of Israel's military, developed the worm to sabotage Iran's nuclear programme.
Sanger's book Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, reports that the sabotage strategy began in 2006 under the administration of George W. Bush as an alternative to a military strike, and because imposing sanctions on Iran was thought to be having undesirable economic consequences among allies.
The code was passed on to President Obama who was "strongly urged" to continue the programme; he gave the go-ahead and the attacks continued.
John Bumgarner from the US Cyber Consequences Unit suggested on Twitter that Bush was still working on Stuxnet just a few days prior to the 2009 inauguration of Obama, and that the project was under way for approximately four years before Obama took office.
He also said that Obama then green-lighted the project five months after taking office.
Gartner's Anton Chuvakin said that there were some interesting implications of this, mainly that malware that is working for the 'good guys' needs a new language and that a developer of such is now a legitimate occupation that someone can put on their resumé.
He said: “This is (to the best of my knowledge) the first example of technology invented by criminals and then adopted for legitimate military purposes that happened in modern times.”