Google gives security keys to 10,000 high-risk users


Mr Huntley said the campaign came from from APT28 – a Russia-linked hacking group – and was a phishing attempt, which is an email campaign designed to look legitimate to trick people into revealing their passwords.

“As we always do, we sent those people who were targeted by government-backed attackers warnings”, Mr Huntley wrote, adding that the emails were successfully blocked.

The group has targeted Google users in some of its highest-profile attacks.

The accounts targeted included “staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee”.

Material obtained in that attack was subsequently leaked in an alleged attempt to influence the US election.

Mr Huntley said in a Twitter thread that the latest warnings should not come as a surprise “if you are an activist/journalist/government official, or work in NatSec [National Security]”.

But he stressed that getting a warning did not mean you had been hacked.

Shortly after news of the warnings, the firm announced efforts to increase the security of accounts of users at high risk of being targeted by hackers.

Google announced it would be sending 10,000 users free “Titan” security keys. They are normally available to buy at a cost starting at £30 ($41).

In a blog post, the company said it had partnered with a number of organisations to help distribute the keys.

The firm also recently announced plans to “auto-enrol an additional 150 million Google users” into its two-factor authentication system, and require two million YouTube creators to activate it.

It combines both “something you know” (like a password) and “something you have” (like your phone or a security key) in order to stop an attacker who has, or guesses, your password gaining access to your account.

In May, the company said it would start automatically enrolling users into the more secure process.

Source: citinewsroom