Did you read the recent story about how Google has been notifying Gmail users that their e-mail accounts were under siege by "state-sponsored attackers?" I did, and it's deeply concerning.
As the New York Times reported, tens of thousands of Google users began receiving notices that their Google and Gmail accounts were "at risk of state-sponsored attacks." A slew of what the Times described as "American journalists and foreign policy experts" received the warnings and -- things being what they are -- immediately took to Twitter to pass the news along. The account alerts are part of an initiative, launched by Google in June, to alert its users when the search giant detects evidence that specific accounts have become entangled in global, nation-state backed cyber espionage campaigns.
As I said: it's deeply concerning but, well, not really news. In fact, what first drew my eyes to the story was the sneaking suspicion that I'd written an almost identical story some time long ago. A couple quick searches confirmed it: September 23, 2010: " Google Warning Gmail users on China Spying Attempts." The details in that story were pretty much the same as the latest round of coverage: journalists and human rights activists were logging onto their Google accounts and finding out that they had been accessed from abroad I interviewed a victim, Alexander Hanff, who works for Privacy International in the UK. Hanff had recently given a speech at a EU-China Human Rights Network seminar that was attended by high-level officials of the Chinese government. Possibly a coincidence -- but who are we kidding, right?
Even two years ago I was late to the story. My then-colleague Ryan Naraine reported on Google's addition of "suspicious log-in alerts" back in March of the same year. Those alerts notified users when their account was accessed from a suspicious IP address in a suspicious country The story got revamped in June, when Google said it would refine its warnings to call out "state-sponsored attacks" against accounts when they occur. Then, a whole bunch of people got said warnings, and the new cycle started all over again.
How can we explain this? My opinion is that the security industry's penchant for speaking euphemistically about cyber threats has grown in proportion to the threats, themselves. And, at this late date, I've finally arrived at a point of absurdity. The language we use to talk about the phenomenon of "cyberattacks" has become impossibly opaque and that opacity clouds our understanding of the problem that's right before us. Speaking so vaguely about so many threats for so long, we've lost the ability to even understand what we're talking about and discern what's news and what isn't.
Sign up for CIO Asia eNewsletters.