The U.S.government is “very concerned” about Google’s claim that the personal email accounts of senior U.S. officials and military leaders might have been breached in a phishing attack originating in China, Secretary of State Hillary Clinton said today.
“These allegations are very serious,” she told reporters, adding that the FBI will investigate the matter. “We take them seriously. We are looking into them.”
Google said Wednesday it had evidence of a phishing attack — in which users are tricked into revealing their passwords or into clicking on a link that can infect their computer with a virus — that appeared to target specific individuals to access their email accounts.
“We recently uncovered a campaign to collect user passwords, likely through phishing,” the company said on its official blog. “This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”
Clinton declined to provide additional information about the incident, citing the sensitivity of the ongoing investigation, but said Google notified the State Department of what it had found prior to the public announcement.
“The goal of this effort seems to have been to monitor the contents of these users’ emails,” Google said, adding that it had disrupted the efforts and notified the victims and government authorities.
The Chinese government has denied any involvement in the attack. Such allegations are “groundless and with an ulterior motive,” a Foreign Ministry official reportedly said.
One cabinet-level official is among those affected by the phishing campaign, the Washington Post reported today. The Post also cited unnamed officials as saying that while no government email accounts were breached, a trove of emails was accessed and they are unable to tell whether any official business was discussed using the personal email accounts.
The incident is unlikely to be the last such cyber attack, Clinton said, warning that the U.S. government must be ready for the next one.
“We know this is going to be a continuing problem and therefore we want to be as prepared as possible to deal with these matters when they come to our attention,” she said.
Clinton was careful not to accuse the Chinese government of any wrongdoing, but the incident will do little to ease recent tensions between Beijing and Washington.
In an effort to begin to smooth things over, Clinton and Treasury Secretary Timothy Geithner hosted senior Chinese officials in Washington last month for high-level talks. Military leaders from both sides followed up with talks of their own and outgoing Defense Secretary Robert Gates arrived today in Singapore where he will meet with his Chinese counterpart during an annual defense conference.
Separately, the Pentagon is soon expected to publish a report stating that a cyber attack could be considered an act of war, just like a conventional offensive, and therefore could merit a military response.
“A response to a cyber incident or attack on the U.S. would not necessarily be a cyber response; all appropriate actions would be on the table if we are attacked in cyber,” Pentagon spokesman Col. David Lapan told reporters Tuesday.