Skip to main content

An update on state-sponsored activity

We’ve invested in robust systems to detect phishing and hacking attempts, identify influence operations launched by foreign governments, and protect political campaigns from digital attacks through our Protect Your Election program.

Our Threat Analysis Group, working with our partners at Jigsaw and Google’s Trust & Safety team, identifies bad actors, disables their accounts, warns our users about them, and shares intelligence with other companies and law enforcement officials.

This week, there has been a lot of news about attempted state-sponsored hacking and influence campaigns. We wanted to provide an update on some of our ongoing work in this area:

  • State-sponsored phishing attacks 
  • Technical attribution of a recently-reported influence campaign from Iran 
  • Detection and termination of activity on Google properties

State-sponsored phishing attacks

Phishing—attempts to trick users into providing a password that an attacker can use to sign into an account—remains a threat to all email users. Our ​improving ​technology has enabled ​us to ​significantly ​decrease ​the ​volume of ​phishing ​emails that ​get ​through to our users. ​Automated ​protections, ​account ​security ​(like ​security ​keys), ​and specialized ​warnings give ​Gmail users industry-leading ​security. As part of our security efforts, for the past eight years, we’ve displayed prominent warnings to Gmail users who are at risk of phishing by potentially state-sponsored actors (even though in most cases the specific phishing attempt never reaches the user’s inbox).

In recent months, we’ve detected and blocked attempts by state-sponsored actors in various countries to target political campaigns, journalists, activists, and academics located around the world. When we’ve seen these types of attacks, we’ve notified users as well as law enforcement.

On Monday morning, we issued our most recent series of notifications to Gmail users who were subject to suspicious emails from a wide range of countries. We posted about these sorts of warnings here—if you received this type of warning, please read the blog post and take action immediately.

Iran and FireEye

To complement the work of our internal teams, we engage FireEye, a leading cybersecurity group, and other top security consultants, to provide us with intelligence. For the last two months, Google and Jigsaw have worked closely with FireEye on the influence operation linked to Iran that FireEye identified this week. We’re grateful to FireEye for identifying some suspicious Google accounts (three email accounts, three YouTube channels, and three Google+ accounts), which we swiftly disabled. FireEye’s full report has just been published today. It’s worth reading.

In addition to the intelligence we received from FireEye, our teams have investigated a broader range of suspicious actors linked to Iran who have engaged in this effort. We’ve updated U.S. lawmakers and law enforcement about the results of our investigation, including its relation to political content in the United States. We wanted to provide a summary of what we told them.

Connections to IRIB: forensic evidence

Our technical research has identified evidence that these actors are associated with the IRIB, the Islamic Republic of Iran Broadcasting.

We can’t go into all the technical details without giving away information that would be helpful to others seeking to abuse our platforms, but we have observed the following:

  • Technical data associated with these actors is strongly linked to the official IRIB IP address space.
  • Domain ownership information about these actors is strongly linked to IRIB account information.
  • Account metadata and subscriber information associated with these actors is strongly linked to the corresponding information associated with the IRIB, indicating common ownership and control.

These facts, taken together with other technical signals and analysis, indicate that this effort was carried out as part of the overall operations of the IRIB organization, since at least January 2017. This finding is consistent with internet activity we’ve warned about in recent years from Iran.

Detecting and terminating activity on Google properties

Actors engaged in this type of influence operation violate our policies, and we swiftly remove such content from our services and terminate these actors’ accounts. Additionally, we use a number of robust methods, including IP blocking, to prevent individuals or entities in Iran from opening advertising accounts.

We identified and terminated a number of accounts linked to the IRIB organization that disguised their connection to this effort, including while sharing English-language political content in the U.S.:

  • 39 YouTube channels that had 13,466 total US views on relevant videos; 
  • 6 blogs on Blogger
  • 13 Google+ accounts

Our investigations on these topics are ongoing and we will continue to share our findings with law enforcement and other relevant government entities in the U.S. and elsewhere, as well as with others in the industry.

The state-sponsored phishing attacks, and the actors associated with the IRIB that we’ve described above, are clearly not the only state-sponsored actors at work on the Internet. For example, last year we disclosed information about actors linked to the Internet Research Agency (IRA). Since then, we have continued to monitor our systems, and broadened the range of IRA-related actors against whom we’ve taken action. Specifically, we’ve detected and removed 42 YouTube channels, which had 58 English-language political videos (these videos had a total of fewer than 1,800 U.S. views). We’ve also identified and terminated the account associated with one blog on Blogger.

We continue to actively monitor our systems, take prompt action, share intelligence, and remain vigilant about these and other threats.


by via The Keyword

Comments

Post a Comment

Popular posts from this blog

certain keys on my keyboard dont work when "cold"

Hi guys, i have a Lenovo Y520-15IKBN (80WK) and certain keys on the keyboard don't work (e,g,h,8,9,Fn...) but only when the weather is cold. for example in the winter it used to work after certain amount of time when i first boot the laptop and stops working when i stop using it for a while, but now that the weather is hot it works just fine except for the first couple of minutes or when its colder. of course i do realise that it has nothing to do with the outside weather but with the temperature of the computer itself. can someone explain to me why this is happening and how it should be fixed as i cannot take it to the tech service until july even though it's still under warranty because i need it for school. ps: an external keyboard works fine. Submitted April 29, 2018 at 03:35PM by AMmej https://ift.tt/2KiQg05
Post a Comment
Read more

Old PC with a Foxconn n15235 motherboard needs drivers! Help!!

So my Pc corrupted and I had to fresh install windows on it, but now its missing 3 drivers and one of them is for the Ethernet controller! I've tried searching everywhere for the windows 7 drivers but all I seem to find are some dodgey programs saying they will install it for me. Problem is without the ethernet driver I can't bloody connect to the internet. I've been using a USB to try get some drivers on there, but they just end up being useless programmes . I'm also a bit of a noob at these things, I don't understand where to find the names of things in my PC, I've opened it up but I don't understand whats significant and what isnt. If someone has the drivers and can teach me how to install them I'd be very appreciative! Submitted April 29, 2018 at 02:47PM by darrilsteady https://ift.tt/2r76xMZ
Post a Comment
Read more