Attack on Google In January Supposedly Targeted Critical Password System

Passwords Not Taken, But Password System Source Code Said Stolen

In today's New York Times, there is a fascinating and disturbing story shedding more light on the hack attack on Google that occurred in January and led to its pullout from China. According to the story, hackers stole the source code to Gaia, which the Times says is, "one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications."

The Times story, citing "a person with direct knowledge of the investigation", reports that Google's passwords were not taken, but the worry is that the hackers will now be able to find a weak spot in the password system that Google does not know about and exploit it. Google has taken measures to protect against that threat, but unless it completely rewrites Gaia (something very unlikely), a risk remains.

The Times says that "The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program ... By clicking on a link and connecting to a 'poisoned' Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team."

The story says it appears the hackers targeted specific Google Gaia software developers, implying that a sophisticated intelligence operation was behind it, i.e., the hack had "unknown" but suspected Chinese governmental support.

As a side note, I am always amazed by the US government agencies - especially the Department of Defense - who are more than happy to publish the photos, names and operating locations of students/employees/service members taking advanced cyber security courses. Nice intelligence target list you are providing. If you are going to be handing the future keys to the kingdom to these folks, you should at least protect their identities like you do intelligence operative recruits.

Anyway, the Times story also indicates that the January hack attack, which targeted not only Google but several other companies, wasn't a quick strike. Evidence was found at some of the companies hit that they had been hacked into for a couple of years, and didn't know it. This seems to support the findings described in the Wall Street Journal article in February about a massive, coordinated attack focusing on thousands of companies over the past two years. 

Finally, the story points out that companies that offer cloud computing will increasingly be the gold sought by organized hacking communities, both government-sponsored and criminal, since the reward/risk ratio is so tempting. The attack on Google is merely a prelude.
