Internet intruders who stole information from Google’s computers in January also broke into one of Google’s crown jewels: a password system that controls access by millions of users to almost all of the company’s web services, including e-mail and business applications.
The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said.
The intruders do not appear to have stolen passwords of gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.
The new details seem likely to increase the debate about the security of vast computing systems such as Google’s that now centralise the personal information of millions.
The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program, according to the person with knowledge of the internal inquiry, who spoke on the condition of anonymity. The details surrounding the theft of the software have been a closely guarded by the company.
Company executives on Monday declined to comment about the new details of the case, saying they had dealt with the security issues raised by the theft of the company’s intellectual property in their initial statement in January.
Google continues to use the Gaia system, now known as Single Sign-On. Hours after announcing the intrusions, Google said it would activate a new layer of encryption for gmail service. The New York Times