
This morning when I fired up my browser to check my e-mail, I found a warning message from Google. They said that my account might have been hacked, and that I should check the log. I found a suspicious use of my account by an unknown access type and an IP unknown to me. It said “bta.net.cn:202.106.182.228”.
At first I wasn’t sure if I was actually hacked or not, as I reside in China at the moment and the only recognition point was that the IP came from the country I live in. However, when I started googling this particular IP address, I found other people with the same error message. Example 1, Example 2, Example 3. Then, I traced this particular IP to be a Unicom Beijing address, which is suspicious because I haven’t been to Beijing for over 6 months now.
Now first of all, this problem is not bound to people living in China. There are people outside China who are reporting this particular IP as well. In the example links I just shared, victims range from Canada to Hong Kong. And, of course, phishing attacks are attempted worldwide. We don’t know the people behind the attack.
Am I worried? No. I have nothing to hide, but of course I changed my password. Later I came to realize that the point of the attack might be outside my scope of view; maybe they want an access log, or to see my contacts?
Also, my e-mail account is my central location for all the passwords I have, because most services require me to log in using e-mail. So suddenly I realized I should protect my e-mail better. What to do?
Make sure your password does not get stolen in the first place
Be aware of possible phishing actions.
Over the past week, reports from Chinese Internet users indicate that when Gmail is accessed, users are auto-forwarded to a replica site at a different address (http://124.117.227.201/web/gmail/) where they’re asked to enter or re-enter their account information. Based on the rough translations available, users connect to this non-Google owned site if they use Google’s browser toolbar or simply enter the address “www.gmail.com.” There, they’ll face a classic phishing attack which has users giving away login usernames, passwords, and other personal information. China’s Gmail has been hijacked.
(Hackers hijack gmail in China, Fastcompany, 12 August 2010)
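The replica address quoted above gives itself away in two ways that can be checked mechanically: it is served over plain HTTP, and its host is a bare IP address rather than a Google name. The Python check below is an added example, not code from the original post or from Google; the function name, the set of expected login hosts and the last two sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for this example: the hosts on which a Gmail login form is expected.
EXPECTED_HOSTS = {"mail.google.com", "accounts.google.com"}


def check_login_url(url):
    """Return the reasons not to type a Gmail password into `url`.

    An empty list means none of the checks below fired.
    """
    problems = []
    parts = urlsplit(url)
    # urlsplit lower-cases the host; also drop a trailing dot ("mail.google.com.").
    host = (parts.hostname or "").rstrip(".")

    if parts.scheme != "https":
        problems.append("not served over HTTPS")
    if parts.username or parts.password:
        # "https://mail.google.com@198.51.100.7/" really connects to 198.51.100.7.
        problems.append("text before '@' is not the host")
    try:
        ipaddress.ip_address(host)
        problems.append("host is a raw IP address")
    except ValueError:
        # Not an IP literal: require an exact match, so that look-alikes such as
        # "mail.google.com.example.net" are not accepted on a substring match.
        if host not in EXPECTED_HOSTS:
            problems.append("host %r is not an expected login host" % host)
    return problems


if __name__ == "__main__":
    samples = [
        "https://mail.google.com/mail/",          # address given in the post
        "http://124.117.227.201/web/gmail/",      # replica address from the quote
        "https://mail.google.com.example.net/",   # constructed look-alike
        "https://mail.google.com@198.51.100.7/",  # constructed userinfo trick
    ]
    for sample in samples:
        print(sample, "->", check_login_url(sample) or "no problems found")
```

An empty result only means the address looks right; it says nothing about whether the connection itself was redirected or the certificate is valid, which the browser has to verify.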
Other things to improve security:
Make sure you’re running HTTPS

If you go to Google preferences in your Gmail account, you’ve got an option to use encrypted access only. So-called HTTPS access is available via https://mail.google.com and Google’s system offers an SSL-encrypted login by default. However, I turned this setting off when China blocked ‘https Google’ connections last winter. Note that your Gmail password is always encrypted when sent over the Internet.
PGP encryption
As a last resort, you could always consider GPG, which is secure, but a hassle to set up, and it leaves you with an e-mail box that you can no longer search with Google yourself. Read more here.

