RSS Alerts

Share

More services

Related Links

Related Stories

Top 5 Stories

News

Hackers stole Google password program

21 April 2010

The hackers responsible for the Operation Aurora attack against Google also managed to compromise its single sign-on password system, according to a report in the New York Times this week. The attack, which happened in December, targeted a highly secretive system operated by the search engine giant called Gaia last December.

Quoting sources directly involved with the investigation, the newspaper said that the source code for the system, of which little is publicly known, was stolen over a two-day period at the end of last year. Although the intruders did not appear to have stolen Gmail users' passwords, the New York Times speculates that the attackers may have made other discoveries of which Google is not even aware.

According to the report, attackers sent an instant message to a Google employee in China via Microsoft's Instant Messenger program. The message contained a link to a malicious website that infected the recipient's computer when followed. The attackers used this machine to compromise the computers of software developers at Google's headquarters, and from there were able to gain access to a software repository.

Ultimately, they gained access to the source code for the Gaia program, the report said. This could be particularly damaging, because it provides information about bugs in software, potentially before they have been rectified.

Lending further credence to suggestions that this was a sophisticated attack, the hackers appear to have researched information about the Gaia software developers in detail before mounting their attack. Having gained access to the stolen software, they then transferred it to computers hosted by Rackspace.

"It is not known whether software was sent from there," reported the New York Times. "The intruders had access to an internal Google corporate directory known as Moma, which holds information about the work activities of each Google employee, and they may have used it to find specific employees."

Google subsequently made significant changes to its single sign-on password system, introducing more security measures to help protect its assets. It has also tightened security in its data centers.

The search engine company declined to comment on the reports, other than to say that it had dealt with the intellectual property issues when it originally announced the attack in January. Google has been by far the most transparent company when it comes to talking about the attack, and has been engaged in a public debate with the Chinese government since it occurred, finally moving its search engine servers off the mainland to a Hong Kong location, and stopping the censorship of its results, which it had carried out when hosting its servers in China.

This article is featured in:
Cloud Computing • Compliance and Policy  • Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012