Google is providing free physical USB security keys to 10,000 users who are at high risk of being hacked, including politicians and human rights activists.
USB keys offer two-factor authentication, adding an extra layer of security over a password alone.
Google says it wants to encourage people to join its “advanced protection programme” for high-profile users.
It comes after the company sent thousands of warnings to Gmail users who were hacked.
According to Shane Huntley, director of Google’s Threat Analysis Group, the warnings were issued after Google detected a campaign targeting about 14,000 Gmail users across various industries in late September.
According to Mr Huntley, the email campaign originated from APT28, a hacking group with Russian connections, and was a phishing effort, which is an email campaign designed to appear legitimate in order to get people to reveal their passwords.
Mr Huntley wrote, “As we always do, we sent warnings to those who were targeted by government-backed attackers.” He added that the emails were blocked.
Huh. I've had security warnings before, but this one just came to me hours after a similar Google alert to my @theatlantic colleague @JamesFallows. Both of us already use Advanced Protection. https://t.co/UptU2rrVIr pic.twitter.com/lk2JTrBLh5
— Barton Gellman (@bartongellman) October 7, 2021
The US and UK governments claim APT28, also known as Fancy Bear, is a hacking group operated by Russian military intelligence.
The group has targeted Google users in some of its most prominent attacks.
As Dell Secureworks revealed in 2016, over 4,000 Gmail accounts were attacked as part of an elaborate and targeted phishing attack by the group.
Among the users targeted were those who worked for Hillary Clinton’s presidential campaign and the Democratic National Committee.
Obtaining the materials from that attack led to allegations of influencing the US election with the information obtained.
As Mr Huntley said in a Twitter thread, the latest warnings shouldn’t come as a surprise “if you are an activist, journalist, government official, or work in NatSec [National Security]”.
A warning doesn’t necessarily mean that you have been hacked, he stressed.
TAG sent a above average batch of government-backed security warnings yesterday. Some info for people who got the warning and a reminder what it means:https://t.co/ozlRL4SwhG
and also in this 🧵
— Shane Huntley (@ShaneHuntley) October 7, 2021
Immediately after the warnings were issued, the firm announced steps to ensure the security of accounts of users at high risk for hacking.
As part of its Titan security key giveaway, Google will send 10,000 free codes to users. Normally, they are available for purchase for a starting price of £30 ($41).
The company said it had partnered with several organizations to help distribute the keys in a blog post.
Furthermore, Google recently announced plans to “auto-enrol an additional 150 million Google users” in its two-factor authentication system, as well as require two million YouTube creators to activate it.
To prevent an attacker from gaining access to your account with your password, it uses both “something you know” (like a password) and “something you have” (like your phone or a security key).
In May, the company said it would start automatically enrolling users into the more secure process.
