Hacker attacks on Google traced to China appear to have been directed at Gaia, a Google system now named Single Sign-on, which allows cloud users to access apps with one password. Access was apparently gained through an instant message to a Google employee’s PC. Social engineering was apparently used to target the Google employee.
Last year’s brazen cyberattack on Google’s servers, believed to have originated in China, was directed at a system that controls access to the business and e-mail applications that have made the company a leader in cloud computing, according to new information Tuesday. The system was known as Gaia, and has since been named Single Sign-on, allowing cloud users to access numerous Google applications without repeated password entries.
Up until now it was not known what Google lost during the two-day attack, which likely targeted its source code.
Access from Instant Message
But a person identified as having direct knowledge of the investigation told The New York Times that cyberthieves gained access through an employee’s personal computer to a software repository used by the Gaia development team.
The attack began with a message to a Google employee in China via Microsoft Messenger that contained a link to the hackers’ web site, which then enabled the intruders to enter the system, search for the source code, and possibly plant Trojans.
The Gmail accounts of individual users were apparently not compromised, the Times reported.
The incident, first disclosed by Google on Jan. 12, has been traced to two universities in China, Shanghai Jiaotong and Lanxiang Vocational School. It’s not known if the hackers were students or if servers were hijacked as a launchpad for the attack.
Several other large technology companies, including Adobe Systems and Intel, were targeted around the same time.
After studying the attacks known as Aurora, Paul Kurtz, chief technology officer of McAfee, wrote last month that many companies have tightly locked “front doors” on their systems but insufficient measures inside their servers to limit access once they have been compromised.
“Many organizations have tight security around financial systems and other mission-critical systems, but leave their intellectual-property repositories broadly accessible,” Kurtz wrote on his blog. “The company might have strong perimeter security, but once you’re in, the [source code] is readily available.”
Social Engineering
Graham Cluley, senior technology consultant at the U.K. cybersecurity firm Sophos, said it appears that identifying key Google employees was crucial to the hackers’ hopes of raiding source code.
“If the Times report is accurate, then it might have been possible for hackers to determine which software engineers inside Google were responsible for developing Gaia, and that could have assisted them in their attempts to steal the source code,” Cluley said. “One can only presume that the hackers’ intention might have been to uncover a weakness in Google’s systems, to allow them to gain access to protected accounts.”
The consultant added that despite the notoriety it has gained, the Google attack was fairly typical.
“The attack appears to have followed a tried-and-trusted formula of social engineering [and] exploitation of software vulnerabilities,” he said. “It’s surprising just how often attacks like this are attempted, both against big companies and small. What made this case different was that Google was prepared to go public and point the finger so blatantly toward China.”