Google gives security keys to 10,000 high-risk users

Spread the love

Google is giving free physical USB security keys to 10,000 users at high risk of being hacked – such as politicians and human rights activists.

The USB keys provide two-factor authentication – an additional layer of security beyond a password.

Google says it wants to encourage people to join its “advanced protection programme” for high-profile users.

It follows news that the firm sent thousands of warnings to Gmail users who were targeted by hackers.

The warnings were issued after Google detected in late September a campaign targeting about 14,000 Gmail users “across a wide variety of industries”, Shane Huntley, director of Google’s Threat Analysis Group said in a statement.

Mr Huntley said the campaign came from from APT28 – a Russia-linked hacking group – and was a phishing attempt, which is an email campaign designed to look legitimate to trick people into revealing their passwords.

“As we always do, we sent those people who were targeted by government-backed attackers warnings”, Mr Huntley wrote, adding that the emails were successfully blocked.

The BBC is not responsible for the content of external sites.View original tweet on Twitter

APT28, also known as Fancy Bear, is a hacking group the US and UK governments say is operated by Russian military intelligence.

The group has targeted Google users in some of its highest-profile attacks.

In 2016, Dell Secureworks revealed the scale and scope of a phishing campaign by the group that targeted nearly 4,000 Gmail accounts “and corporate and organisational email accounts that used Gmail as a service”.

The accounts targeted included “staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee”.

Material obtained in that attack was subsequently leaked in an alleged attempt to influence the US election.

Mr Huntley said in a Twitter thread that the latest warnings should not come as a surprise “if you are an activist/journalist/government official, or work in NatSec [National Security]”.

But he stressed that getting a warning did not mean you had been hacked.

The BBC is not responsible for the content of external sites.View original tweet on Twitter

Shortly after news of the warnings, the firm announced efforts to increase the security of accounts of users at high risk of being targeted by hackers.

Google announced it would be sending 10,000 users free “Titan” security keys. They are normally available to buy at a cost starting at £30 ($41).

In a blog post, the company said it had partnered with a number of organisations to help distribute the keys.

The firm also recently announced plans to “auto-enrol an additional 150 million Google users” into its two-factor authentication system, and require two million YouTube creators to activate it.

It combines both “something you know” (like a password) and “something you have” (like your phone or a security key) in order to stop an attacker who has, or guesses, your password gaining access to your account.

In May, the company said it would start automatically enrolling users into the more secure process.

Spread the love