Russian Hackers Exploits Google Flaw To Attack Journalists

Reports say that a team of Russian hackers has been exploiting a Google flaw to launch attacks on investigative journalists. This security flaw in a Google service was reportedly known to the web giant for the last many months and hadn’t been fixed.

The Salon Media Group reports– “A hacking team reportedly linked to the Russian government has been utilizing a security flaw in a Google service to launch attacks on investigative journalists. The web giant has known about the vulnerability since November of last year but has still failed to fix it.”

The hacker team “Fancy Bear” has reportedly exploited a security bug that lies within AMP (Accelerated Mobile Pages), a new Google initiative. The Salon Media blog says- “The security bug lies within Google’s implementation of a new internet standard it has been trying to promote called Accelerated Mobile Pages (AMP). Google has marketed AMP as a way of optimizing web pages for smartphones. Launched in late 2015, AMP is designed to provide simpler versions of websites that can load faster on the often slower data connections and microprocessors used by mobile devices.”

AMP, following heavy promotion by Google, has been accorded a warm welcome; it has been widely adopted. But at the same time, it has also had to face harsh criticism. Many noted experts had criticized AMP since they feel that AMP pages end up obfuscating true URLs, limiting the interface that websites can present to readers and encouraging searchers to never leave Google site. Some even criticize AMP for its potential for abuse by junk websites and also for other technical issues. The most notable issue is that since Google caches AMP webpages and provides Google.com addresses for them, cyber criminals can use them for carrying out phishing attacks. It’s this flaw that has reportedly been exploited by the “Fancy Bear” group.

The Fancy Bear group, which has been operative since the mid-2000s, is supposed to be linked to the Russian government and reportedly targets government, military, and security organizations. The group is linked to the cyber attacks on the French television station TV5Monde, the German parliament, NATO, the White House etc. It’s this group that’s supposed to be behind the cyber attack on the campaign of French presidential candidate Emmanuel Macron.

Fancy Bear has been using the Google AMP exploit reportedly to attack journalists who were engaged in investigating allegations of corruption and such other issues by people connected to the Russian government. Some such journalists have been sent malicious emails, by the hackers, claiming to be emails coming from Google. These emails would alert them that attempts are being made to steal their passwords and hence they need to reset their passwords. They would then be taken to a fake Google login page where they would enter their credentials. This the Russian hackers did by making use of Google’s AMP services. They would use AMP’s link shortening services to hide the fact that the page was not a legitimate Google site; it would also look readable if the targeted user was using a mobile phone.