[UPDATED] Google disables Baltimore officials' Gmail accounts created during ransomware recovery

Originally published at: https://boingboing.net/2019/05/23/google-disables-baltimore-offi.html


warnings on bad batches of heroin disabled

Wait what?


It would be interesting to know how Google IDed them and what sorts of confidence levels they use before sending in the sales team.

Certainly there are going to be login-location and various data and metadata cues that would be hard to avoid being blatant enough for some professional data searchers to catch on; but given the PR hit of stories of Gmail lockouts of people who send too much social email you people they also work with I’d imagine that Google would have an incentive to be relatively careful(quite possibly in a deeply creepy way that makes your average background check feel like impersonal chat about the weather; but careful).

Unless something has changed of late, the ability to use Gmail infrastructure with your domain is a pay feature regardless, so they are presumably talking about genuine consumer ‘reallybaltimoreiswear@gmail.com’ stuff.

I have to wonder if a torrent of phishing reports may have helped tip them off. In my capacity as a winnower of email I certainly see a lot of @gmail.com and @outlook.com and major ISP senders claiming to be all kinds of more official people; and that particular mail stream is sketchy as hell; much of it architecturally malicious(bugged attachments or phishing links) and even the technically clean commonly just social engineering attempts.

If I started seeing a coordinated-looking swarm of Gmail accounts pretending to be a municipality my instincts would not be to respond favorably, that’s for sure.


I’d suspect the most obvious signal may have been as simple as using officialPerson@baltimore.gov as a forwarding address. So if you suddenly create 200 new gmail accounts, use them only as forwarding addresses, and they all just showed up, it would stick out like a sore thumb…

Edit says bulk account creation from one network…

I don’t know, there’s not much in terms of free email addresses for business domains and a lot of different providers who all generally like to get paid. Still feels irresponsible to just put a large organization on a bunch of personal accounts when there are plenty of providers.


Some municipalities issue public health & safety advisories when they’re seeing OD clusters due to batches of (usually) adulterated drugs.


Because that’s just the kind of day, week, year, and century it’s been for Baltimore.


Like the (impromptu) municipality of Woodstock’s famous “brown acid” warning -

“To get back to the warning that I received. You may take it with however many grains of salt that you wish. That the brown acid that is circulating around us isn’t too good. It is suggested that you stay away from that. Of course it’s your own trip. So be my guest, but please be advised that there is a warning on that one, ok?”


Well, when the corporations give up the pretense of respecting representative elected government and openly take over, at least we’ll know what to watch for. /s


I wish my city would catch a break one of these days. :disappointed_relieved: With that said, I guess there’s a reason Baltimore features disproportionately in dystopian cyberpunk fiction…


". . . .when Google detected bulk account creation, which is "highly correlated to spammy-

Well that doesn’t sound like Baltimore!

-and fraudulent behavior.""

whistles tunelessly as beads of sweat roll

1 Like

Now that you mention it, “Mad Max: Charm City” pretty much writes itself, doesn’t it.


Stay away from the brown heroin, too! Wait, it’s all brown! How are you going to tell the difference? Just don’t do heroin, kids. Nevermind!

We already have the lawless groups of kids tearing through the city on motorcycle dirt bikes and quads, right?

This topic was automatically closed after 5 days. New replies are no longer allowed.