Google is equipping 10,000 high risk users such as politicians and human rights activists with free USB security keys to prevent hackers stealing important data and information. The USB keys provide two-factor authentication which provides an additional layer of security beyond a password. Google is therefore inviting high-profile users to join its ‘advanced protection programme’.
This comes as a result of the news that the company sent thousands of warnings to Gmail users who had been targeted with malicious intent from overseas hackers. Around 14,000 Gmail users across a wide range of industries had been potentially affected and were issued with warnings in late September by Google.
Shane Huntley, Director of Google’s Threat Analysis Group said the campaign came from APT28 – a Russia-linked hacking group – and was a phishing attempt, which is a fake email campaign designed to lure people into revealing personal information such as passwords or bank details. “As we always do, we sent those people who were targeted by government-backed attackers warnings”, Huntley added, who also said that the emails were successfully blocked.
APT28, also known as Fancy Bear, is a hacking group the US and UK governments say is operated by Russian military intelligence. The group has targeted Google users in some of its highest-profile attacks.
In 2016, Dell Secureworks revealed the scale and scope of a phishing campaign by the group that targeted nearly 4,000 Gmail accounts. The accounts targeted included “staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee”.
The material gathered from this cyber attack was consequently leaked, to allegedly influence the US election. Huntley went on to express in a Twitter thread that these warnings from Google should not come as a surprise especially for people that work in journalism, the government, activism or National Security. But he stressed that getting a warning did not mean you had been hacked.
Shortly after news of the warnings, Google announced efforts to increase the security of accounts of users at high risk of being targeted by hackers. The firm announced it would be sending 10,000 users free “Titan” security keys. They are normally available to buy at a cost starting at £30 ($41). In a blog post, the company said it had partnered with a number of organisations to help distribute the keys.
The firm also recently announced plans to auto-enrol an additional 150 million Google users into its two-factor authentication system and require two million YouTube creators to activate it. It combines both password and your phone or a security key in order to stop an attacker who has, or guesses, your password gaining access to your account. In May, the company said it would start automatically enrolling users into the more secure process.