Cyberattack on Google said to have hit password system

invisibleSHIELD case for iPad“Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications,” John Markoff reports for The New York Times.

“The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said,” Markoff reports. “Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.”

“The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions,” Markoff reports. “But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.”

“The new details seem likely to increase the debate about the security and privacy of vast computing systems such as Google’s that now centralize the personal information of millions of individuals and businesses,” Markoff reports. “Because vast amounts of digital information are stored in a cluster of computers, popularly referred to as ‘cloud’ computing, a single breach can lead to disastrous losses.”

Markoff reports, “The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program, according to the person with knowledge of the internal inquiry, who spoke on the condition that he not be identified. By clicking on a link and connecting to a ‘poisoned’ Web site [using Microsoft’s Internet Explorer, according to published reports], the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team.”

Full article here.

MacDailyNews Take: Cybercriminals just have to begin each day thanking their lucky stars for the existence of Microsoft.

[Thanks to MacDailyNews Reader “jax44” for the heads up.]


  1. The email must have targeted this guy specifically because he had access to the servers. Interesting that someone that high up on the foodchain could be so irresponsible about clicking links in emails… and run such poor security on his machine.

  2. @Steve516

    That’s way it’s called phishing –

    “Targeted versions of phishing have been termed spear phishing. Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.” wiki

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.