Cyber attack on Google hit password system, says insider

News

Cyber attack on Google hit password system, says insider

Warwick Ashford

A Google insider has revealed that the losses incurred by cyber attacks on the firm disclosed in January included a password system that controls access to almost all Google web services.

The system, code-named Gaia and designed to enable single sign-on to a range of services, was attacked in the cyber raids in December, according to a source cited by the New York Times.

Google quickly made changes to the security of its networks after the attacks, but the theft of Gaia raises the possibility that the attackers may find weaknesses unknown to Google, said observers.

The anonymous source has also revealed that the theft began with an poisoned instant message sent to a Google employee in China using Microsoft Messenger.

The message linked to malicious website that was used by the attackers to gain access to the employee's computer and then to computers in the development division at Google headquarters.

Ultimately, the intruders were able to gain control of a software repository used by the development team, the source has told an internal investigation.

Although Google disclosed the intrusions publicly in January, the details surrounding the attack and losses have been a closely guarded secret.

The company said only that attackers had stolen "intellectual property" and apparently compromised e-mail accounts of human rights advocates in China.

After negotiations the Chinese authorities, Google announced in March that it had stopped censoring Chinese-language search results and was rerouting search queries to its Hong Kong-based site.

Google has declined to comment on the details leaked from the investigation, saying it has dealt with the security issues raised by the theft of the company's intellectual property.

Related Topics: IT strategy, VIEW ALL TOPICS

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy