Blog: Cyberattack on Google Said to Hit Password System

Cyberattack on Google Said to Hit Password System
New York Times (04/19/10) Markoff, John

The cyberattack against Google's computer networks, first disclosed in January, also reportedly breached the company's password system, called Gaia, which controls user access to almost all of its Web services. Although the hackers do not appear to have stolen the passwords of Gmail users, the Gaia breach leaves open the possibility that hackers may find other unknown security weaknesses. The intruders were able to gain control of a software depository used by the Google development team by luring an employee to a poisoned Web site through a link in an instant message. "If you can get to the software repository where the bugs are housed before they are patched, that's the pot of gold at the end of the rainbow," says McAfee's George Kurtz. An attacker looking for weaknesses in the system could benefit from understanding the algorithms on which the software is based, says Neustar's Rodney Joffe. Google still uses the Gaia system, although now it is called Google Sign-On. Soon after the intrusion, Google activated a new layer of encryption for its Gmail service. The company also tightened the security of its data centers and further secured the communications links between its services and the computers of its users.

View Full Article