Google’s Password System Hit by Cyber Attack

As per the report issued on April 19, 2010 in the New York Times, cyber assailants that penetrated the computer network of search engine giant Google, successfully stole a password system which provides access to its Web services. This report offered a new perception of the attack.

Further, Google, in a blog post published on January 12, disclosed that the advanced, targeted cyber attack has its origin in China, and due to the attack, Google's intellectual property has been thieved. However, a major part of details about this attack continue to be a mystery.

An anonymous person who has direct details of the attack was quoted by the Times, wherein it was said that criminals behind the assault succeeded in stealing password system of Google, with Gaia as the code name. This password controls the access of millions of users to all the Web services of Google, such as e-mail and various other business applications.

Moreover, the sources also divulged that this vicious attack started when an employee of Google in China hit a link in an instant message. This link connected him to a malware-infected website. Attackers, exploiting this initial access, then penetrated the systems of a team of Google software developers specifically for the Gaia program. Then, the interlopers used various complicated hacking techniques to penetrate and manage a software repository. The source code for Gaia software was stored in this repository.

This acquired code was then transmitted to the systems owned by Rackspace before being forwarded to an unknown place. Rackspace is a cloud and managed hosting provider.

The attackers, at some point, gained access to Moma, an internal directory of Google. Moma accommodates the information on "work activities" of Google workforce. This data might have been utilized to find out specific employees within the company. It seems that the attackers had the accurate knowledge of Gaia software developers' names.

Fortunately, it appears that the passwords of Gmail users have not been stolen. Google speedily began bringing changes in security arrangements of its networks, according to the sources.

Experts said that this breach has raised privacy and security concerns regarding the use of cloud-based systems. After all, Google's system alone stocks the personal details of millions of businesses and individuals around the world.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 5/1/2010