...
...
Next Story

Google password system hit in December cyber attack: Report

A key Google password system that controls access by millions of users worldwide to almost all of the company's Web services, including e-mail and business applications, was stolen when the search engine was hacked in an attack emanating from China, according to a media report.

Updated on: Apr 20, 2010 03:46 PM IST
Advertisement

A key Google password system that controls access by millions of users worldwide to almost all of the company's Web services, including e-mail and business applications, was stolen when the search engine was hacked in an attack emanating from China, according to a media report.

HT Image
HT Image

The software called Gaia was intended to enable users and employees to sign in with their password just once to operate a range of services, 'The New York Times' reported, citing a source close to the investigation being conducted by Google.

The intruders, who attacked Google in December last year, "do not appear to have stolen passwords of G-mail users, and the company quickly started making significant changes to the security of its networks after the intrusions," it said.

Independent experts also told the daily that the "theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of."

In January, Google threatened to pull out of China as it blamed hackers based there for infiltrating their network and accessing e-mail accounts of Chinese human rights activists.

The newspaper also reported that the theft began with an instant message sent to a Google employee in China who was using Microsoft's Messenger programme.

By clicking on a link and connecting to a "poisoned" Web site, the employee inadvertently permitted the intruders to gain access to the user's personal computer.

This led to the hackers getting access to the computers of a critical group of software developers at Google's headquarters in Mountain View, California. "Ultimately, the intruders were able to gain control of a software repository used by the development team," the report said.

Because Google quickly learnt of the intrusion, the extent of damage that may have been caused is difficult to predict but experts have laid out some possibilities.

The worst case scenario, the daily said, "is that the attackers might have intended to insert a Trojan horse — a secret back door — into the Gaia programme and install it in dozens of Google's global data centres to establish clandestine entry points."

It also appears that hackers, in Google's case, had precise knowledge about the names of Gaia software developers.

"They first tried to access their work computers and then used a set of sophisticated techniques to gain access to the repositories where the source code for the programme was stored," the report said.

 
Get the latest headlines from US news and global updates from Pakistan, Nepal, UK, Bangladesh, Russia and US Iran war Live, get all the latest headlines in one place on Hindustan Times.
Get the latest headlines from US news and global updates from Pakistan, Nepal, UK, Bangladesh, Russia and US Iran war Live, get all the latest headlines in one place on Hindustan Times.
SHARE THIS ARTICLE ON