Report Links Sophisticated Hacking Scheme to Iran

Researchers have linked a sophisticated hacking scheme targeting Iranian dissidents back to Iran.

A report released Thursday by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs describes how the hackers used text message and phone-based phishing to try to get around the security of Google’s Gmail and access the accounts of their targets.

The attacks studied by the Citizen Lab were very similar to others connected to Iranian hackers, the report says.

According to the report, some of the attacks began when the targets received text messages that appeared to be from Google saying that there had been an unauthorized attempt to access their Gmail accounts.

The hackers would then follow up with a carefully crafted email notification containing personal details and stating that the login attempt had been from “The Iran,” boosting the fears of people already worried about Iranian hackers.

The emails contained links directing the target to a page where they could reset their password. But in fact, the links were to phishing sites designed to collect the target’s password. The hackers would then, in real time, use the password to login to the user’s account and trigger the sending of an identification code to the target.

Gmail uses the code as a form of two-factor authentication, which adds a second layer of security on top of a person’s password. The hackers would then wait for the target to enter the code, collect it through the fraudulent website, and then use it to take control of the account.

In other cases, the targets were contacted by phone by a person speaking English or Farsi, the predominate language in Iran, who would make a “proposal” related to the target’s business activities. The fake proposal, usually promising thousands of dollars, would then be sent to the target’s Gmail in the form of an email containing a fake Google Drive link.

When the target clicked on the drive, they would be prompted to login with the Google credentials and ultimately the two-factor identification code, just like in the cases of the text messages.

While attempts to circumvent two-factor authentication security are nothing new when it comes to financial fraud-related hackings, the practice is fairly new to politically motivated attacks.

“It may be that, as a growing number of potential targets have begun using two-factor authentication on their email accounts out of a concern for their security, politically motivated attackers are borrowing from a playbook that financial criminals have written over the past decade,” the report reads.

The report emphasizes that these kinds of attacks are increasing, boosting the importance of two-factor authentication.

It notes that in the case of these hackers, the existence of the code significantly increased the amount of work required. The hackers were forced to actively monitor the phishing site and enter the information they collected in real time in order to take control of the accounts.

Without the existence of the code, the hackers could have just collected passwords through the fake website at their leisure, the report says.

Google Rejects ‘Unfounded’ EU Antitrust Charges of Market Abuse

Google Inc has rejected EU antitrust charges that it abused its market power, exposing the company to the risk of a hefty fine if it does not alter its business practices.

The company’s comments came after the European Commission in April accused it of distorting Internet search results to favour its shopping service, harming both rivals and consumers.

“Economic data spanning more than a decade, an array of documents and statements from complainants all confirm that product search is robustly competitive,” Kent Walker, Google’s general counsel, wrote in a blog on Thursday.

“We believe that the statement of objection’s preliminary conclusions are wrong as a matter of fact, law, and economics.”

The comments coincide with the company’s 150-page submission countering the Commission’s charges.

Commission spokesman Ricardo Cardoso confirmed the receipt of Google’s response to the charge sheet. “We will carefully consider Google’s response before taking any decision on how to proceed and do not want to prejudge the final outcome of the investigation,” he said.

If found guilty, the company could face a fine set at a level sufficient to ensure deterrence, according to the Commission’s charge sheet seen by Reuters. The EU antitrust authority can sanction wrongdoers up to 10 percent of their global turnover.

In his blog, Walker said the EU authority had failed to take into account strong competition from online retailers Amazon Inc and eBay Inc.

He also said Internet traffic had risen by 227 percent in the last decade in the countries where the Commission said it had abused its power to the detriment of rivals.

Same arguments
Walker said the regulator’s demand that Google give equal treatment to its rivals was “peculiar and problematic” and only justifiable if the company provided an essential service like an electricity company.

Google’s foes were scathing of the company’s arguments.

“We have seen this movie before. Defendants in big European antitrust cases have made the same arguments,” said Thomas Vinje, a lawyer at lobby group FairSearch, whose members include Microsoft Corp, Nokia Oyj and TripAdvisor Inc.

“And they argued, again like Google today, that the antitrust authorities just don’t get it, and that the remedy they demand cannot be implemented without causing technical and market chaos.”

Google has however been backed by one study by the Centre for European Reform, a pro-EU think tank. It surveyed prices of 63 items in Britain’s consumer inflation basket, comparing prices on Google Shopping with those of the first-placed retailer in normal search results.

Google Shopping was 2.9 per cent cheaper.

“Those who lose most from Google’s behaviour are producers, not consumers, at least in the UK,” author John Springford said in a report published last month.

“If Google’s prioritisation of its own shopping service gave it monopoly power, one would expect prices to be higher in its own service.”

Google Brings New Exhibits From Indian Museums Online

People can now see the latest exhibits from Kolkata’s Victoria Memorial Hall, Dastkari Haat Samiti and Ramamani Iyengar Memorial Yoga Institute among others, online as part of Google’s Cultural Institute.

The US-based tech giant has added over 2,000 new images and 70 virtual exhibits to its platform through partnerships with various Indian institutes to give a glimpse of the rich Indian heritage to viewers across the world.

“In the last two years, we have seen a huge traction to Google Cultural Institute. We have seen over 240 million page views. However, that has not affected these institutes negatively and they have seen higher footfalls,” Google Cultural Institute Director Amit Sood told PTI. Google is also helping some of these institutes to make the content even more accessible through mobile apps to help them showcase their exhibits, he added.

The unveiled collection also includes 26 new virtual tours of famous sites like the Ekattarso Mahadeva Temple and the royal saloon that once was part of the Palace on Wheels. “India has a rich heritage and culture and it has been our endeavour to showcase this to the world. Technology will play a crucial role in transforming and building a truly Digital India and in getting Indian culture and heritage online,” Minister of State for Tourism and Culture (Independent Charge) Mahesh Sharma said.

Google Cultural Institute was launched in 2012 in India with the National Museum and the National Gallery of Modern Art in Delhi as initial partners and now has 18 partners.