China Cyber Attack Targeted Google’s Password System

Hardly a week has passed since Google announced its accusations in January without news about the Chinese hacking attack on the company, yet we still know very little about the attack itself. Aside from the fact that the attack targeted Chinese human rights activists’ Gmail accounts, and that dozens of other companies were also hit, Google has held its secrets close.

The New York Times may have hit upon that secret, though—and it’s a doozy:

a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.

The password system has only been described once publicly (four years ago, says the NYT). Named “Gaia” after the Greek mother goddess (she was the grandmother of Zeus) and Earth personified, the system guards millions of users’ personal information. The hackers did not actually get users’ passwords, but used the system to access parts of their accounts, apparently.

The “lightning raid” took less than two days, said the source. Apparently, a Google employee in China inadvertently allowed the attack. The employee responded to an instant message on Microsoft’s Messenger and followed a “poisoned” link. If CEO Eric Schmidt had the details correct, the employee was also using an out-of-date, less secure browser that allowed the hackers access through that link.

Google has declined to comment on this issue. They continue to use Gaia, now called Single Sign-On, the system that allows users to log in on one Google property and stay signed in across many other Google sites.

There’s a possibility that the hackers could have inserted a Trojan horse to turn several data centers into something close to remote log-in points, but it seems unlikely that the attack was quite that sophisticated. Additionally, Google has since tightened data center security as well as the links between data centers.

However, the hackers did know quite a bit about the system already. They knew the names of the employees to target, possibly because they gained access to Google’s internal directory, Moma.

What do you think? Is Google safer now? Will you keep trusting them with your data?