As we all know "
This site may harm your computer" warning and for years every site owner had tried hard not to get that label. Few days ago Google announced a
Gmail warning message for the targets of state-sponsored attacks.
Cool! How did Google do it? They can’t go into the details as those explanations would be helpful to the bad guys.
Nevertheless, at
Xecure Lab, we regularly scan our personal Gmail accounts too for APT emails (our
XecMail has a plugin for it) and there were no signs of APT attacks in our record recently. Surprisingly, we had chance to witness this Google state-sponsored attackers warning message:
(in English)
(in Chinese)
We speculated Google did the analysis not from "inside" by scanning the emails, e.g. looking for APT document exploit, but from "outside" by probably monitoring account login attempts involving known malicious sources or traffic protocols.
Anyway, we followed the
Protect yourself now instructions, a few suggestions were given:
1. Watch out before you click a link.
2. Use a strong password.
3. Update software to the latest.
4. Enable 2-step verification.
Great, only the last one was something new at that moment, and we would like to give it a try.
With 2-step verification, Google will send SMS code to your phone when login sucessfully but with any strange device:
Oops, that means one has to repeat the above 2-step verification several times once a month, if not everyday. We also tried the "Call your phone" alternative instead of sending text, the call was from the phone number +1 (650) 353XXXX.
Lastly, when we changed the password in Google account, we'd have to go through the whole 2-step verification again. Right, a trade-off between security and convenience. ;-)