Google attack objective: Source code for the single sign-on system?

The January attacks on Google and other US companies may seem as if they happened ages ago, but you can be sure that the companies are still actively involved in the internal and external investigations aimed at finding out who was responsible for the attacks and the extent of the damage to their systems.

A person who is privy to the details of one of the investigations has recently revealed that the attackers who targeted Google managed to lay their hands on the source code of the company’s Gaia program – the password system that controls the single sign-on required by Google users to access all of the company’s Web services.

The person who revealed that the code was stolen also said that no Gmail user passwords have been compromised and that the company immediately activated a new layer of encryption for the email service. As Google’s CEO revealed a week ago, the company has become more paranoid about security and has promptly started locking down its systems and updating all the internal software.

The main problem now is that, because Google still uses the Gaia system, the attackers may be able to discover weaknesses in the code that Google developers might fail to spot.

The New York Times reports that the attack was put in motion through a single instant message that was sent to a Google employee in China. The employee clicked on the link that was connected to a “poisoned” website, and opened Pandora’s box – so to speak. The attackers were able to access the employee’s computer, and through it to the computers of Google software developers in the US. Finally, they managed to access a software repository that these developers used.

The attackers didn’t go blindly into this – they obviously managed to discover beforehand the names of the Gaia developers and tried to access their computers first, but they failed – hence the roundabout mode of attack.

Google has declined to give out more details about the attack or to acknowledge the veracity of this revelation.