James Delahunty
19 Feb 2013 22:18
Google has given details about its fight against account hijacking, showing how the company has reduced the number of accounts stolen by 99.7 percent since a peak in 2011.
Most hijacked Google accounts are compromised because of poor password choices. Many Internet users use the same password for every service so that their login details are easy to remember. This presents an obvious problem: only one of those services needs to be hacked to put all of your other accounts at risk.
This is exactly what Google has observed happening in recent years. The spam filter on its e-mail service lets less than 1 percent of spam through to inboxes, so spammers have changed their habits.
Compromised databases of passwords and other data are sold in underground markets to spam groups, who then try the passwords against the stored e-mail addresses. If a login succeeds, the spammers send more personalized e-mails to the account's contacts.
"We've seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time," Mike Hearn, Google Security Engineer, wrote. "A different gang attempted sign-ins at a rate of more than 100 accounts per second."
Google takes extra steps to confirm that you are who you say you are every time there is a login attempt (whether through a browser or some other method). More than 120 variables determine the validity of the login, and if anything seems awry, Google will prompt for more information.
For example, if a login attempt appears to come from a location that is very remote from your previous login, Google may ask for the phone number associated with the account, or for the answer to the security question.
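As an added illustration of the kind of check the article describes (this is example code, not Google's own, and the thresholds and the impossible-travel rule are assumptions), here is a small risk checker that asks for a step-up challenge when a login is far from the account's previous login, implies an impossible travel speed, or comes from a source attempting logins at a suspicious rate:

```python
import math
from collections import defaultdict, deque

# Hypothetical thresholds; assumptions for this example, not Google's real values.
REMOTE_KM = 1000.0      # a login farther than this from the last one is "remote"
MAX_TRAVEL_KMH = 900.0  # faster than this between two logins is impossible travel
RATE_WINDOW_S = 60.0    # count attempts per source over the last minute
RATE_LIMIT = 100        # more attempts than this per window from one source is suspicious

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

class LoginRiskChecker:
    def __init__(self):
        self.last_login = {}                 # account -> (ts, lat, lon) of last success
        self.attempts = defaultdict(deque)   # source_ip -> timestamps of recent attempts

    def assess(self, account, source_ip, ts, lat, lon):
        """Return (step_up, reasons); step_up=True means ask for a second factor."""
        reasons = []
        # Signal 1: distance from the previous login and the travel speed it implies.
        prev = self.last_login.get(account)
        if prev is not None:
            prev_ts, plat, plon = prev
            dist = haversine_km(plat, plon, lat, lon)
            hours = max((ts - prev_ts) / 3600.0, 1e-9)
            if dist / hours > MAX_TRAVEL_KMH:
                reasons.append("impossible_travel")
            elif dist > REMOTE_KM:
                reasons.append("remote_location")
        # Signal 2: attempt rate from this source, the pattern of bulk password testing.
        q = self.attempts[source_ip]
        q.append(ts)
        while q and ts - q[0] > RATE_WINDOW_S:
            q.popleft()
        if len(q) > RATE_LIMIT:
            reasons.append("high_attempt_rate")
        return (bool(reasons), reasons)

    def record_success(self, account, ts, lat, lon):
        """Remember where and when the account last logged in successfully."""
        self.last_login[account] = (ts, lat, lon)
```

The coordinates and timestamps fed to `assess` would come from the login request's source IP geolocation and the server clock; the sample values in the checks below are constructed.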
Since Google added more variables, the number of compromised accounts has fallen by 99.7 percent since a peak in June 2011. Time for spammers to evolve again.