Google's Single Sign-On password system stolen during recent cyber attack

Published Date
20 - Apr - 2010
| Last Updated
20 - Apr - 2010
Google's Single Sign-On password system stolen during recent cybe...


Recent reports on Google’s cyber attack in December show that the hackers stole one of Google’s single sign-on password systems, Gaia, which allows users to sign-in just once to access all of Google’s range of services. It has been confirmed however, that no passwords were stolen, but as observed by experts, the system itself could give the attackers an edge, allowing them to figure out weaknesses and loopholes in the system. The attack was traced back to computers at two campuses in China, but as with all cyber attacks, the actual location of the hackers might be completely different. Google though sticks by the Chinese origin, claiming it has evidence.

Google has been working on completely changing its security processes since the attack, including a new layer of encryption for Gmail service, tightening of security at data centres, securing data communication links between servers and users, and many more steps. The attack may still come from an unknown quarter, as the hackers now have an understanding of the algorithms, access to the source code and all its vulnerabilities, as well as to the bug repository.

While the details of the theft were held quite closely for a while by Google, the company says that it has been more forthcoming about the Chinese attacks than the any of the many other companies that were compromised. Google’s attack was quite similar to those on other companies, but there were some differences.

The attack was initiated when a Chinese Google employee clicked a link to a “poisoned” website on Microsoft Messenger, allowing the hackers to gain access to the desktop and through it to computers at Google’s headquarters. The intruders evidently had very specific knowledge of the members comprising the Gaia team, and by using sophisticated hacking techniques, succeeding in stealing Gaia from software repositories, and transferring it out to Rackspace’s web-hosting services, from where it reached the hands of the hackers through unknown means. It is possible that the hackers gained access to Google’s corporate directory ‘Moma’, which contains information about each Google employee, and were therefore able to find the specific targets.

Abhinav LalAbhinav Lal