[Infowarrior] - Russian Hackers Are Using Google's Own Infrastructure to Hack Gmail Users
Richard Forno
rforno at infowarrior.org
Sat May 27 09:22:17 CDT 2017
Russian Hackers Are Using Google's Own Infrastructure to Hack Gmail Users
https://motherboard.vice.com/en_us/article/russian-hackers-are-using-googles-own-infrastructure-to-hack-gmail-users
Russian government hackers seem to have figured out that sometimes the best way to hack into people's Gmail accounts is to abuse Google's own services.
On Thursday, researchers exposed a massive Russian espionage and disinformation campaign using emails designed to trick users into giving up their passwords, a technique that's known as phishing. The hackers targeted more than 200 victims, including, among others, journalists and activists critical of the Russian government, as well as people affiliated with the Ukrainian military, and high-ranking officials in energy companies around the world, according to a new report.
Researchers at the Citizen Lab, a digital rights research group at the University of Toronto's Munk School of Global Affairs, were able to identify all these victims following clues left in two phishing emails sent to David Satter, an American journalist and academic who's written about Soviet and modern Russia, and who was banned from the country in 2014.
< - >
The "Change Password" button linked to a short URL from the Tiny.cc link shortener service, a Bitly competitor. But the hackers cleverly disguised it as a legitimate link by using Google's Accelerated Mobile Pages, or AMP. This is a service hosted by the internet giant that was originally designed to speed up web pages on mobile, especially for publishers. In practice, it works by creating a copy of a website's page on Google's servers, but it also acts as an open redirect.
According to Citizen Lab researchers, the hackers used Google AMP to trick the targets into thinking the email really came from Google.
< - >
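A defensive check for the link pattern the article describes (a shortener link wrapped in a Google AMP URL), added here as an example; it is not from the article or the Citizen Lab report. It assumes the wrapper has the form https://www.google.com/amp/<host>/<path> with an optional "s/" for HTTPS targets, and the shortener list and sample links are constructed.

```python
from urllib.parse import urlsplit

# tiny.cc and Bitly are named in the article; the list itself is illustrative.
SHORTENERS = {"tiny.cc", "bit.ly", "bitly.com"}
GOOGLE_HOSTS = {"google.com", "www.google.com"}


def unwrap_amp(url):
    """Return the URL embedded in a Google AMP link, or None if it is not one.

    Assumed form: https://www.google.com/amp/<host>/<path>, where an
    optional "s/" after "amp/" means the embedded target is HTTPS.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in GOOGLE_HOSTS or not parts.path.startswith("/amp/"):
        return None
    rest = parts.path[len("/amp/"):]
    scheme = "http"
    if rest.startswith("s/"):
        scheme, rest = "https", rest[2:]
    # The first path segment must look like a hostname.
    if "." not in rest.split("/", 1)[0]:
        return None
    target = f"{scheme}://{rest}"
    return target + ("?" + parts.query if parts.query else "")


def assess_link(url):
    """Report where an emailed link really leads versus the host it displays."""
    target = unwrap_amp(url)
    effective = (urlsplit(target or url).hostname or "").lower()
    findings = []
    if target:
        findings.append("google-amp-wrapper")
    if effective in SHORTENERS:
        findings.append("link-shortener")
    return {"displayed_host": (urlsplit(url).hostname or "").lower(),
            "effective_host": effective, "findings": findings}


# Constructed samples; "EXAMPLE" is a placeholder short code.
SAMPLES = [
    "https://www.google.com/amp/tiny.cc/EXAMPLE",
    "https://www.google.com/amp/s/news.example.org/story.html",
    "https://accounts.google.com/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, assess_link(link))
```

A mail filter or triage script would raise the priority of any message whose link carries both findings, since the displayed host is Google's while the effective host is a shortener.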