Google attacks began with an employee’s click, reports say
Hackers gained access to password system for millions of users
- By Kevin McCaney
- Apr 21, 2010
The sophisticated cyber attacks late last year on Google and about 30 other companies began with one of the oldest tricks in the Internet crime book – getting a user to click on a link in a message, according to several reports. The attacks gained access to Google’s password system, which handles access for millions of users, the reports said.
The New York Times, citing someone with direct knowledge of the incident, said the attack last December started when a Google employee in China, using Microsoft Messenger, received an instant message and clicked on a link to a malicious Web site. Hackers then gained access to the employee’s computer and, eventually, the software repository used by Google’s development team at its Mountain View, Calif., headquarters, the story said.
The attack compromised the company’s password system, then code-named Gaia and since renamed Single Sign-On. Google disclosed the attacks in January and said it had made changes to its systems, including the addition of an extra layer of encryption for its Gmail service. The Times said that the passwords of Gmail users apparently weren’t stolen in the attack.
The Washington Post reported that this type of attack, particularly when it targets network administrators or officials with access to sensitive lists, is becoming more common.
"Once you gain access to the directory of user names and passwords, in minutes you can take over a network," George Kurtz, worldwide chief technology officer for McAfee, told the Post.
The attacks themselves are sophisticated, even if the lure of an attachment or link is familiar.
Kurtz told the Post that attacks have moved away from trying to penetrate networks from the outside. "Now, in essence, what they're doing is having good people on the inside unwittingly connect out to a malicious Web site where their machines can be infected," he said.
The nature of the attack could rekindle the debate over the security of centralized repositories such as Google’s. The password system, which Google has largely kept under wraps, lets users use a single password to access its e-mail and other systems, such as Gmail, Google Wave and Google Docs. Government agencies increasingly have been moving toward cloud computing to cut costs and increase efficiency, and some have considered single sign-on systems.
Google has blamed China for the attacks, and recent reports have linked two Chinese universities to the attacks. The company also has been feuding with China over censorship of its searches, and recently began redirecting its Chinese traffic to its Hong Kong site in order to provide uncensored search.
Kevin McCaney is a former editor of Defense Systems and GCN.