Cyber attack steals Google’s password system
Ever since Google
disclosed in January that Internet intruders had stolen information
from its computers, the exact nature and extent of the theft has been a
closely guarded company secret. But a person with direct knowledge of
the investigation now says that the losses included one of Google’s
crown jewels, a password system that controls access by millions of
users worldwide to almost all of the company’s Web services, including
e-mail and business applications.
The programme, code
named Gaia for the Greek goddess of the earth, was attacked in a
lightning raid taking less than two days last December, the person
said. Described publicly only once at a technical conference four years
ago, the software is intended to enable users and employees to sign in
with their password just once to operate a range of services.
The intruders do
not appear to have stolen passwords of Gmail users, and the company
quickly started making significant changes to the security of its
networks after the intrusions. But the theft leaves open the
possibility, however faint, that the intruders may find weaknesses that
Google might not even be aware of, independent computer experts said.
The new details
seem likely to increase the debate about the security and privacy of
vast computing systems such as Google’s that now centralize the
personal information of millions of individuals and businesses. Because
vast amounts of digital information are stored in a cluster of
computers, popularly referred to as “cloud” computing, a single breach
can lead to disastrous losses.
Genesis of the theft
The theft began
with an instant message sent to a Google employee in China who was
using Microsoft’s Messenger programme, according to the person with
knowledge of the internal inquiry, who spoke on the condition that he
not be identified.
By clicking on a
link and connecting to a “poisoned” Web site, the employee
inadvertently permitted the intruders to gain access to his (or her)
personal computer and then to the computers of a critical group of
software developers at Google’s headquarters in Mountain View, Calif.
Ultimately, the intruders were able to gain control of a software
repository used by the development team.
The details
surrounding the theft of the software have been a closely guarded
secret by the company. Google first publicly disclosed the theft in a
January 12 posting on the company’s Web site, which stated that the
company was changing its policy toward China in the wake of the theft
of unidentified “intellectual property” and the apparent compromise of
the e-mail accounts of two human rights advocates in China.
The accusations
became a significant source of tension between the United States and
China, leading Secretary of State Hillary Rodham Clinton to urge China
to conduct a “transparent” inquiry into the attack. In March, after
difficult discussions with the Chinese government,
Google said it would move its mainland Chinese-language Web site and begin rerouting search queries to its Hong Kong-based site.
Company executives
on Monday declined to comment about the new details of the case, saying
they had dealt with the security issues raised by the theft of the
company’s intellectual property in their initial statement in January.
Google executives
have also said privately that the company had been far more transparent
about the intrusions than any of the more than two dozen other
companies that were compromised, the vast majority of which have not
acknowledged the attacks.
Extra security
Google continues to
use the Gaia system, now known as Single Sign-On. Hours after
announcing the intrusions, Google said it would activate a new layer of
encryption for Gmail service. The company also tightened the security
of its data centres and further secured the communications links
between its services and the computers of its users.
Several technical
experts said that because Google had quickly learned of the theft of
the software, it was unclear what the consequences of the theft had
been. One of the most alarming possibilities is that the attackers
might have intended to insert a Trojan horse – a secret back door –
into the Gaia programme and install it in dozens of Google’s global
data centres to establish clandestine entry points. But the independent
security specialists emphasized that such an undertaking would have
been remarkably difficult, particularly because Google’s security
specialists had been alerted to the theft of the programme.
However, having
access to the original programmer’s instructions, or source code, could
also provide technically skilled hackers with knowledge about subtle
security vulnerabilities in the Gaia code that may have eluded Google’s
engineers.
The New York Times