December Hacking Incident Targeted Google's Password System: Report

Google a New York Times report

The attack, which Google disclosed in January, was one of the incidents that led to Google's ongoing friction with China and its decision last month to move its Chinese search operations from the mainland to Hong Kong.

In January Google disclosed that hackers had broken into its computers, but the company did not provide details about the extent of the incident other than to say its intellectual property was stolen and e-mail accounts of two human rights advocates in China were compromised.

According to the New York Times story, which quoted "a person with direct knowledge of the investigation," the hacking incident targeted Google's password system, known at the time as Gaia and now called Single Sign-On, that controls user access to the company's e-mail and business applications.

The hackers apparently did not steal individual Gmail passwords during the two-day attack in December, according to the story, and Google quickly made "significant changes" to the system to shore up its security.

The Times story said the attack began with an instant message sent to a Google employee in China who was using Microsoft's Messenger program at the time. The employee inadvertently permitted the intruders to gain access to the employee's PC when the employee clicked on a link in the message to a "poisoned" Web site. The intruders were then able to gain access to computers used by a critical group of developers at Google's Mountain View, Calif., headquarters.

Gaining access to the password system's source code might provide the hackers with knowledge of its security vulnerabilities, the story quoted technical experts as saying, or they might have sought to install Trojan horse software that would provide intruders with clandestine access to the system at a later time.

The Times story said the intruders appeared to have specific knowledge of the names of the Gaia developers. The hackers first tried to access their work computers and then used "sophisticated techniques" to access the source code repositories.

At the time of the attacks Google said there was evidence the attacks came from China, and news stories in February said the attacks were traced to two universities in that country.

The December attack has fueled an ongoing dispute between Google and China over the Chinese government's demands that Google censor its search results in that country. Last month Google blamed a temporary outage of its search engine on China's censorship efforts.