Hackers stole Google password program

Quoting sources directly involved with the investigation, the newspaper said that the source code for the system, of which little is publicly known, was stolen over a two-day period at the end of last year. Although the intruders did not appear to have stolen Gmail users' passwords, the New York Times speculates that the attackers may have made other discoveries of which Google is not even aware.

According to the report, attackers sent an instant message to a Google employee in China via Microsoft's Instant Messenger program. The message contained a link to a malicious website that infected the recipient's computer when followed. The attackers used this machine to compromise the computers of software developers at Google's headquarters, and from there were able to gain access to a software repository.

Ultimately, they gained access to the source code for the Gaia program, the report said. This could be particularly damaging, because it provides information about bugs in software, potentially before they have been rectified.

Lending further credence to suggestions that this was a sophisticated attack, the hackers appear to have researched information about the Gaia software developers in detail before mounting their attack. Having gained access to the software, they then transferred it to computers hosted by Rackspace.

"It is not known whether software was sent from there," reported the New York Times. "The intruders had access to an internal Google corporate directory known as Moma, which holds information about the work activities of each Google employee, and they may have used it to find specific employees."

Google subsequently made significant changes to its single sign-on password system, introducing more security measures to help protect its assets. It has also tightened security in its data centers.

The search engine company declined to comment on the reports, other than to say that it had dealt with the intellectual property issues when it originally announced the attack in January. Google has been by far the most transparent company when it comes to talking about the attack, and has been engaged in a public debate with the Chinese government since it occurred. It finally moved its search engine servers off the mainland to a Hong Kong location and stopped the censorship of its results, which it had carried out when hosting its servers in China.
