20 April 2010, 12:22

Attack on Google's core

Google Logo During the January attack on Google, alleged to originate from China, the intruders apparently had their hands on one of the companies vital systems – its central authentication system, Gaia. This is according to a report in the New York Times, which cites an anonymous source claiming to have inside information on Google's internal investigation into the incident. Google has so far largely reserved comment on the circumstances surrounding the attack. The Chinese government has denied any involvement in cyber-attacks.

Gaia is Google's single sign-on system for millions of users and for its own staff. Google uses it for one-time authentication of a wide range of services, such as Google Mail, Google Apps and a number of business applications and cloud services. According to the report, the intruders did not use their access to the system to steal passwords, but instead copied Google's internally developed code and, in a series of steps, transferred it to their own servers. The hackers may be hoping to discover previously unknown vulnerabilities in the software which could be used for subsequent attacks. Speculation that the attackers may have exploited access to the Gaia developer repository to install a back door do not, at present, look like being confirmed.

According to the New York Times, the attack started with an instant message sent to a Google employee in China which contained a link to a crafted website. This allowed the attackers to gain access to the employee's Windows system, probably via a vulnerability in Internet Explorer, from which they were able to gain access to computers used by other members of the Gaia development team. Google has declined to comment on the report. The company is reported to have implemented additional security measures to protect its systems following the incident – what these consist of has not been revealed.

See also: