Google gives security keys to 10,000 high-risk users


Google is giving free physical USB security keys to 10,000 users at high risk of being hacked – such as politicians and human rights activists.

The USB keys provide two-factor authentication – an additional layer of security beyond a password.

Google says it wants to encourage people to join its “advanced protection programme” for high-profile users.

It follows news that the firm sent thousands of warnings to Gmail users who were targeted by hackers.

The warnings were issued after Google detected in late September a campaign targeting about 14,000 Gmail users “across a wide variety of industries”, Shane Huntley, director of Google’s Threat Analysis Group said in a statement.

Mr Huntley said the campaign came from from APT28 – a Russia-linked hacking group – and was a phishing attempt, which is an email campaign designed to look legitimate to trick people into revealing their passwords.

“As we always do, we sent those people who were targeted by government-backed attackers warnings”, Mr Huntley wrote, adding that the emails were successfully blocked.

The BBC is not responsible for the content of external sites.View original tweet on Twitter

APT28, also known as Fancy Bear, is a hacking group the US and UK governments say is operated by Russian military intelligence.

The group has targeted Google users in some of its highest-profile attacks.

In 2016, Dell Secureworks revealed the scale and scope of a phishing campaign by the group that targeted nearly 4,000 Gmail accounts “and corporate and organisational email accounts that used Gmail as a service”.

The accounts targeted included “staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee”.

Material obtained in that attack was subsequently leaked in an alleged attempt to influence the US election.

Mr Huntley said in a Twitter thread that the latest warnings should not come as a surprise “if you are an activist/journalist/government official, or work in NatSec [National Security]”.

But he stressed that getting a warning did not mean you had been hacked.

Comments are closed.

Subscribe to Newsletter