Google has warned some senators and Senate aides that their personal Google accounts have been targets of attempted hacks backed by foreign governments, the company confirmed on Thursday.
Sen. Ron Wyden, D-Ore., wrote to Senate leaders on Wednesday that his office has discovered a number of senators and Senate staff members were warned by a major technology company “that their personal email accounts were targeted by foreign government hackers.”
A Google spokesman confirmed to NPR that the company showed the warnings, which typically say: “There’s a chance this is a false alarm, but we believe we detected government-backed attackers trying to steal your password.”
In a 2017 blog post describing these warnings, a Google threat analysis executive wrote that “the notice does not necessarily mean that the account has been compromised” but that “a government-backed attacker has likely attempted to access the user’s account or computer through phishing or malware, for example.”
Spokesmen for Wyden and Google declined to clarify when these hacking attempts against personal accounts of Senate officials took place.
In his letter, Wyden raised concerns that the Senate security office does not help ensure the security of U.S. officials’ personal accounts.
“The 2016 election made it clear that foreign government, including Russia are leveraging cyberspace to target the fundamental pillars of American democracy,” Wyden wrote, adding: “Our adversaries do not limit their cyber attacks to election infrastructure or eve to official government accounts and devices; they are also targeting U.S. officials’ personal devices and accounts.”
He wrote that the Senate Sergeant at Arms “refused to help” senators and staff members who had received Google’s warnings and informed those who had requested help “that it may not offer cybersecurity assistance for personal accounts.”
The office of the U.S. Senate Sergeant at Arms did not comment on Wyden’s concerns, but issued a statement:
“The SAA, as the custodian of US Senate data, follows industry best practices to provide state of the art Cybersecurity defenses against malicious attacks. We take this protection very seriously with appliance protection on the network and assisting staff with best practice education seminars. We do not, however, comment on the active defense of our system, the protections we have in place and how we protect our devices.”
Wyden’s letter says the Sergeant at Arms believes it can only use its budget to protect official government devices and accounts. Wyden says he plans to introduce a bill to change that “on an opt-in basis.”