Thanks to many people who have written in asking whether today's Google announcement of a new China-based wave of attacks on Gmail accounts is related to the takeover of my wife's Gmail account just after we spent two months in China this spring. As the official Google announcement says:
>>[W]e recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.
The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change peoples' forwarding and delegation settings. (Gmail enables you to forward your emails automatically, as well as grant others access to your account.)<<
The short answer is: I can't yet know for sure, but I *think* that what happened to my wife was a case of "regular," small-stakes criminal hacking, to trick people to send in money, rather than anything more exotic or political. But I will say more about the whole situation of online email security, including the political and international aspects, in an upcoming article. On the other hand, some traits of what happened to my wife's account are similar to what the latest Gmail announcement warns about. For instance, redirecting all incoming mainly to a similar-looking but different account controlled by the hacker. And, hey, it's China!
Here is what I can be sure of: in case you haven't done so before, and in case your eyeballs skidded past my previous two zillion entreaties on this topic, if you use Gmail please install Google's relatively new, free "two-factor" authentication service. It reduces practically to zero the chance that anyone could control your account remotely, which in turn vastly increases your protection against attacks like these. Here are Google's official instructions, plus an earlier nag by me, Google has been fairly careful to "blame the hacker," rather than blaming the victims, in these episodes. But the truth is you'll blame yourself if you don't apply the two-step process and some day later get hacked.