Google's 'Gaia' password system was infiltrated during January attacks

News by Dan Raywood

Google's password system that controls access to almost all Google web services was among the losses incurred in January.

Google's password system that controls access to almost all Google web services was among the losses incurred in January.

An insider told the New York Times that the Gaia program was attacked in a lightning raid taking less than two days last December. It claimed that this was only mentioned once at a technical conference four years ago, and the software is intended to enable users and employees to sign in with their password just once to operate a range of services.

The report claimed that intruders did not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions.

Google executives declined on Monday to comment about the new details of the case, saying they had dealt with the security issues raised by the theft of the company's intellectual property in their initial statement in January.

They also privately said that the company had been far more transparent about the intrusions than any of the more than two dozen other companies that were compromised, the vast majority of which have not acknowledged the attacks.

Google is continuing to use the Gaia system, now known as Single Sign-On. Hours after announcing the intrusions, Google said it would activate a new layer of encryption for the Gmail service. The company also tightened the security of its data centres and further secured the communications links between its services and the computers of its users.

David Harley, director of malware intelligence at ESET, said: “So I certainly wouldn't assume any connection between the alleged Chinese breach disclosed in January and recent reports of compromised Gmail accounts, but I wouldn't discount the possibility either. After all, many of the respondents to the thread flagged by Aleksandr Matrosov were adamant that they hadn't fallen prey to a phishing attack, and earlier reports did suggest attempts to access the accounts of Chinese human rights activists.

“The point of a single sign-on is to access a range of services: the problem with a single sign-on is that if it's compromised, it becomes a single point of failure. Of course, it's a long stretch from confidentiality attacks on Chinese dissidents to a South Korean spam server: I can't help but wonder, though, what interesting weaknesses the original attackers may have found, and how widely the information on those issues may have been disseminated subsequently.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews