Editor's Blog and Industry Comments

Why is a GMail hack such a dangerous thing?

03 June, 2011
After the recent high-profile mass hacking of GMail accounts in the USA, we look at why anyone would target a GMail account and what the implications are.

GMail has gained high levels of popularity for a lot of good reasons - large amounts of free storage, contextual threading of e-mails, comprehensive labelling and tagging as well as instant messaging and piles of options, most of which are never used by the majority of casual e-mail users.

However, it is in these configurable options that the real value (as well as the real danger) of GMail lies.

If you have a GMail account, you can access Google Analytics for your web sites and you can gain tokenised access to other systems such as your YouTube account or your Flickr profile. If someone gets your GMail credentials, they've also got access to your Analytics, Flickr, YouTube and other associated accounts... but that's just the tip of the iceberg!

Google Docs provides a powerful collaborative document management system. You can upload and share spreadsheets, documents and PDFs including confidential commercial material. GMail's latest pop-up message in Google Docs reads "New! You can now upload folders - Upload entire folders from your computer to the cloud". All of this is accessible from your single GMail login credential, but it gets worse, much worse.

The following tutorial teaches you how to transfer all new e-mails from a GMail account you've compromised to another account of your choice whilst leaving the transferred e-mails in the GMail inbox apparently untouched:

From the GMail inbox, click on Options - Mail Settings

Click the Forwarding and POP/IMAP tab

Click "Add a forwarding address"

A pop-up will request the address you want to forward to. Fill in the details and GMail will send a confirmation e-mail to the address that you nominated.

Within the inbox of the nominated address, open the e-mail from GMail and click the confirmation link

Go back into Options - Mail Settings in GMail and click the Forwarding and POP/IMAP tab and you now have forwarding options.

These options include "Forward a copy of incoming mail to and Keep GMail's copy in the inbox"

Now you'll receive a copy of everything that is received in the GMail inbox you've targeted forever... even if the owner changes his password! Since most GMail users don't even know this facility exists, the chances are that the breach will go undetected for a very long time.

So, as a GMail inbox owner, what can you do to prevent breaches?

1 - Don't use trivial passwords and change them regularly.

2 - Don't use common passwords for different accounts.

3 - Check your user settings to make sure no-one is taking a copy of your inbox. If a forwarding e-mail exists, it can be cancelled in the same panel.

4 - Commercially sensitive documents should be held on company servers and accessed using remote access and strong authentication. Web-based e-mail systems with weak security are not the place to be storing or sharing mission critical data.
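
The check in point 3 can be automated. The following is an added example, not part of the original article: it audits one mailbox's forwarding settings exported as JSON. The field names follow the Gmail API's auto-forwarding and forwarding-address settings resources; the sample data, the addresses and the `OWNER_APPROVED` allowlist are constructed assumptions.

```python
import json

# Constructed sample data shaped like the Gmail API settings resources
# (users.settings.getAutoForwarding and users.settings.forwardingAddresses.list).
AUTO_FORWARDING = json.loads("""
{"enabled": true, "emailAddress": "collector@mail.example",
 "disposition": "leaveInInbox"}
""")
FORWARDING_ADDRESSES = json.loads("""
{"forwardingAddresses": [
  {"forwardingEmail": "collector@mail.example", "verificationStatus": "accepted"},
  {"forwardingEmail": "me@backup.example", "verificationStatus": "accepted"},
  {"forwardingEmail": "old@elsewhere.example", "verificationStatus": "pending"}
]}
""")
# Assumption: addresses the mailbox owner has confirmed as their own.
OWNER_APPROVED = {"me@backup.example"}


def audit_forwarding(auto, addresses, approved):
    """Return (severity, message) findings for one mailbox's forwarding settings."""
    approved = {a.lower() for a in approved}
    findings = []
    target = (auto.get("emailAddress") or "").lower()
    if auto.get("enabled") and target:
        if target not in approved:
            findings.append(("HIGH", f"mail is being forwarded to unapproved {target}"))
            if auto.get("disposition") == "leaveInInbox":
                # The "keep GMail's copy in the inbox" option: nothing looks different.
                findings.append(("INFO", "copy stays in the inbox, so the owner sees nothing unusual"))
        else:
            findings.append(("OK", f"forwarding to approved {target}"))
    for entry in addresses.get("forwardingAddresses", []):
        addr = entry.get("forwardingEmail", "").lower()
        if addr in approved or addr == target:
            continue  # approved, or already reported above
        status = entry.get("verificationStatus", "unknown")
        severity = "MEDIUM" if status == "accepted" else "LOW"
        findings.append((severity, f"unapproved forwarding address {addr} ({status})"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_forwarding(AUTO_FORWARDING, FORWARDING_ADDRESSES, OWNER_APPROVED):
        print(f"[{severity}] {message}")
```

Any HIGH or MEDIUM finding should be cancelled in the Forwarding and POP/IMAP panel, since changing the password alone does not remove it.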

You can read more on the recent GMail hacks below:

Chinese Google Hack Drives Extra E-mail Security Vigilence

Five Steps To Reduce The Chances Of Having Your Gmail Account Hacked

One-Time Password Can Provide Improved Protection To Web-Based E-Mail
