Google Security Keys for High-Risk Users - Government Hacker Protection

Google Offers Security Keys to At-Risk Users Following Hacker Warnings

Google has announced plans to distribute free hardware security keys to approximately 10,000 users identified as being at “high risk.” This action follows a recent alert issued by the company regarding state-sponsored hacking attempts targeting thousands of Gmail users.

State-Sponsored Phishing Campaign Targeting Gmail Users

The warnings, originating from Google’s Threat Analysis Group (TAG), informed over 14,000 Gmail account holders that they were the focus of a phishing campaign orchestrated by APT28, also known as Fancy Bear.

Fancy Bear is believed to be linked to the GRU, Russia’s intelligence agency, and has been operational for over ten years. The group gained notoriety for its involvement in hacking the Democratic National Committee and conducting disinformation campaigns leading up to the 2016 U.S. presidential election.

Warnings Indicate Targeting, Not Necessarily Compromise

According to Shane Huntley, director of Google’s TAG, the warnings signify attempted targeting rather than confirmed account breaches. He clarified via a Twitter thread that the increased number of alerts this month stems from a few broadly aimed campaigns that were successfully blocked.

Huntley emphasized that these alerts are typical for individuals in high-profile positions. This includes activists, journalists, and government officials, as these are the primary targets of government-backed entities.

Advanced Protection Program and Security Key Distribution

Google stated in a blog post that the distribution of security keys will continue throughout 2021. This initiative aims to encourage enrollment in the Advanced Protection Program (APP).

The APP provides enhanced security for users with high visibility and sensitive data who are vulnerable to targeted online attacks. Security keys function by requiring physical authentication, making it significantly more difficult for phishing attacks to succeed.

New Partnerships to Enhance Security

In addition to the security key distribution, Google has announced new and expanded collaborations with several organizations. These include the International Foundation for Electoral Systems (IFES), UN Women, and the nonprofit Defending Digital Campaigns (DDC). These partnerships are designed to bolster security measures for the company’s most vulnerable users.

Support for Political Campaigns

Through its partnership with DDC, Google has already provided Titan Security Keys to over 180 eligible federal campaigns during the 2020 U.S. election cycle.

Currently, the company is collaborating with the organization to extend protection to state-level campaigns, political parties, committees, and associated organizations. This includes offering workshops and training sessions focused on defending against cyberattacks.