Spam & Hackers

Google Hackers Reportedly Targeted Password System

By Michael Smith

Hacker attacks on Google traced to China appear to have been directed at Gaia, a Google system now named Single Sign-on, which allows cloud users to access apps with one password. Access was apparently gained through an instant message to a Google employee’s PC. Social engineering was apparently used to target the Google employee.

 Last year’s brazen cyberattack on Google’s servers, believed to have originated in China, was directed at a system  that controls access to the business and e-mail applications that have made the company a leader in cloud  computing , according to new information  Tuesday. The system was known as Gaia, and has since been named Single Sign-on, allowing cloud users to access numerous Google applications without repeated password entries.Up until now it was not known what Google lost during the two-day attack, which likely targeted its source code.

Access from Instant Message

But a person identified as having direct knowledge of the investigation told The New York Times that cyberthieves gained access through an employee’s personal computer to a software repository used by the Gaia development team.The attack began with a message to a Google employee in China via Microsoft  Messenger that contained a link to the hackers’ web site, which then enabled the intruders to enter the system, search for the source code, and possibly plant Trojans.The Gmail accounts of individual users were apparently not compromised, the Times reported.The incident, first disclosed by Google on Jan. 12, has been traced to two universities in China, Shanghai Jiaotong and Lanxiang Vocational School. It’s not known if the hackers were students or if servers were hijacked as a launchpad for the attack.Several other large technology companies, including Adobe Systems and Intel, were targeted around the same time.After studying the attacks known as Aurora, Paul Kurtz, chief technology officer of McAfee, wrote last month that many companies have tightly locked “front doors” on their systems but insufficient measures inside their servers to limit access once they have been compromised.”Many organizations have tight security  around financial systems and other mission-critical systems, but leave their intellectual-property repositories broadly accessible,” Kurtz wrote on his blog. The company might have strong perimeter security, but once you’re in, the [source code] is readily available.”

Social Engineering

Graham Cluley, senior technology consultant at the U.K. cybersecurity firm Sophos, said it appears that identifying key Google employees was crucial to the hackers’ hopes of raiding source code.”If the Times report is accurate, then it might have been possible for hackers to determine which software engineers inside Google were responsible for developing Gaia, and that could have assisted them in their attempts to steal the source code,” Cluley said. “One can only presume that the hackers’ intention might have been to uncover a weakness in Google’s systems, to allow them to gain access to protected accounts.”The consultant added that despite the notoriety it has gained, the Google attack was fairly typical.”The attack appears to have followed a tried-and-trusted formula of social engineering [and] exploitation of software vulnerabilities,” he said. “It’s surprising just how often attacks like this are attempted, both against big companies and small. What made this case different was that Google was prepared to go public and point the finger so blatantly toward China.”

Michael Smith

Michael Smith is a seasoned technology writer with over 10 years of experience specializing in internet-related topics, emerging technologies, and digital trends. His deep understanding of the tech landscape allows him to simplify complex subjects for a wide range of readers, from industry professionals to tech enthusiasts. Michael has contributed to numerous well-regarded publications and has a proven track record of delivering accurate, engaging, and well-researched content. With a passion for innovation, Michael regularly covers topics such as cybersecurity, cloud computing, artificial intelligence, and internet infrastructure. His ability to stay ahead of the curve in this fast-paced field ensures that readers receive the latest insights and information on cutting-edge technologies. In addition to his writing career, Michael holds a degree in Computer Science.

Leave a Comment