Last year (2009), hackers breached Google’s network and stole the source code for their global password system.
Google has a single sign-on system, known internally as ‘Gaia’, that allows users to log into many of Google’s services, such as Gmail, web search, business applications and others, using just the one password.
The hackers stole the code after gaining access to Google’s software repository, which holds the ‘crown jewels’ for their services. The hackers copied the software, but it is not thought that they gained access to customer passwords, which means that users aren’t directly affected by the theft. However, the risk to Google is that the hackers could examine the software for security vulnerabilities and devise ways to gain access to the system that would later impact users.
Google announced in January 2010 that it had been hacked. The hackers had also targeted the source code repositories at other companies.
It is believed that the theft started when an instant message was sent to a Google employee in China who was using Windows Messenger. The message included a link to a malicious website. When the employee clicked the link, the hackers were able to gain access to the employee’s computer. This put them inside the Google corporate network, and from there they could connect to Google’s headquarters in California. It is thought that the intruders knew the names of the ‘Gaia’ software developers, because the hackers had access to an internal Google corporate directory that lists the business activities of every Google employee.
According to a McAfee report, the hackers used a malicious website that was hosted in Taiwan. When the victim clicked on a link to the site, the site downloaded and executed malicious JavaScript containing a zero-day exploit that attacked a vulnerability in the user’s Internet Explorer browser. A binary executable (program) disguised as a JPEG file was then downloaded to the user’s system. It opened a backdoor into the computer and set up a connection to the attackers’ command and control servers, which were also hosted in Taiwan.
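The McAfee description above has a program arriving under a JPEG name. As an added example (not from the original article or the McAfee report), here is one way a web proxy or mail gateway could compare a file's claimed extension with its actual header; the function names and the sample bytes are constructed for illustration.

```python
import struct

JPEG_EXTENSIONS = (".jpg", ".jpeg")

def is_pe_executable(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header that points to a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew: 32-bit little-endian offset of the PE header, stored at 0x3C.
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"

def is_jpeg(data: bytes) -> bool:
    """True if data begins with the JPEG start-of-image marker and a second marker."""
    return data[:3] == b"\xff\xd8\xff"

def check_download(filename: str, data: bytes) -> str:
    """Compare what the file name claims with what the first bytes say."""
    if not filename.lower().endswith(JPEG_EXTENSIONS):
        return "not-checked"  # this check only covers files claiming to be JPEGs
    if is_pe_executable(data):
        return "alert: Windows executable with image extension"
    if not is_jpeg(data):
        return "suspicious: image extension but no JPEG header"
    return "ok"

def build_sample_pe_header() -> bytes:
    """Constructed header stub (MZ + PE signature only); it is not a working program."""
    header = bytearray(0x80)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    header[0x40:0x44] = b"PE\x00\x00"
    return bytes(header)

# Constructed sample downloads: file name -> leading bytes of the content.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
    "photo.JPG": build_sample_pe_header(),
    "logo.jpeg": b"\x00" * 32,
    "setup.exe": build_sample_pe_header(),
}

def scan(samples: dict) -> dict:
    return {name: check_download(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A header check like this only catches content delivered in plain form, so it complements browser patching and outbound connection monitoring and does not replace them.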
From that initial access point, the attackers obtained access to the source-code management system or burrowed deeper into the corporate network to gain a persistent hold.
Read More in this New York Times article.
This incident highlights the concern that many people already have: that using ‘Cloud’ services can be less secure than private or self-hosted systems. Entrusting your data to a third-party provider needs careful due diligence to make sure the service and its security protection are good enough for your needs.
© Copyright Tim Bullock 2010

