Google has rushed to step up the security of Gmail, its web-based e-mail system, following the admission that hackers based in China had been partially successful in cutting through its security defences.
It also sought to reassure corporate users of its online applications that its “ cloud computing” services – applications like word processing that it runs centrally on its own servers – had not succumbed to the attacks.
However, the episode could still dent users’ confidence in the security of its web-based services, according to industry observers.
The attacks posed a direct challenge to Google’s ability to keep its customer data private and secure and required a strong response from the company, said Sandeep Aggarwal, an analyst at Collins Stewart.
“This is a pretty public blow against the security of the cloud,” added Whit Andrews, vice president at Gartner, the research company. The attacks could make some companies think twice about whether to adopt online services but was unlikely to have an effect on individual Gmail users, he added.
Google said that the direct attack on its corporate systems had led only to a limited amount of data about two Gmail accounts being accessed. However, it also said that attacks on its users had led to the Gmail accounts of “dozens” of human rights activists being compromised around the world. Those assaults took the form of “phishing” attacks, or attempts to trick users into giving up account details, and the planting of malicious software, or malware, on users’ PCs.
In response, the company said it began rolling out an extra layer of security to all users of is Gmail system on Tuesday night, and was now encrypting all e-mails as they travelled between users’ computers and the company’s servers, to prevent them from being intercepted by third parties.
It had previously left it to users whether or not they used encryption, since it sometimes slows the speed at which e-mails are transmitted, but has now made this protection mandatory.
Gmail had 170m unique users around the world in November, according to research firm ComScore.
Writing in a Google blog post, Dave Girouard, head of its division that sells services to companies, denied that the cyber-assaults had been “an attack on cloud computing”. He added: “While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure.”
Some experts said that even if Google closes its operations in China, it will not make its users elsewhere in the world any more secure from attacks like those seen in recent weeks.
“The decision to pull out of China will not stop Gmail accounts being phished [attacked] or people trying to get hold of Google’s intellectual property,” said Whit Andrews, an analyst at Gartner. “They seem to be using these incidents as a casus belli.”
Get alerts on Chinese business & finance when a new story is published