Google Serving Up Security Keys To 10,000 High-Risk Users

From the “this is attention-grabbing” department comes the news that Google is giving security keys to 10,000 high-risk users, including politicians and human rights activists, following recent hacker attempts on Gmail:

The USB keys provide two-factor authentication – an additional layer of security beyond a password.

Google says it wants to encourage people to join its “advanced protection programme” for high-profile users.

It follows news that the firm sent thousands of warnings to Gmail users who were targeted by hackers.

The warnings were issued after Google detected in late September a campaign targeting about 14,000 Gmail users “across a wide variety of industries”, Shane Huntley, director of Google’s Threat Analysis Group said in a statement.

Mr Huntley said the campaign came from APT28 – a Russia-linked hacking group – and was a phishing attempt, which is an email campaign designed to look legitimate to trick people into revealing their passwords.

This is a good move to provide some protection to these high-value targets. But don’t take my word for it. Toby Lewis, Global Head of Threat Analysis at Darktrace, had this to say:

“As sophisticated attacks against high-value targets persist, it is encouraging to see Google prioritizing the security for its users. Multiple times a day our artificial intelligence is detecting attacks, via email and SaaS accounts, specifically targeting CEOs and CFOs of multinational companies – there is no sign of this trend abating.  

This is the first time that a company is offering to set up hardware-based two-factor authentication for users for free. Essentially, the USB is a dongle that users can keep on their person, that acts as a second form of authentication. The idea is that even if an attacker compromises the username and password to a Google Account, they could not access the account without the USB.

However, what we have learned over the last ten years is that determined hackers will always find a way inside critical systems. These measures make hackers’ lives more difficult but they do not debilitate them. While the USB method adds a layer of security, there are ways to defeat it. For example, most accounts have a recovery option, in the event the USB is lost – which could prove to be an opening for hackers. Alternatively, an attacker might look for ways to steal the physical device, having already gained access to the credentials.

We must accept that high value targets will have their systems compromised and so companies like Google also need to look at how they stop emerging attacks from escalating into a crisis once hackers are already inside.”

I suspect you’re going to see more of this, which means that more users will benefit from this initiative.
