Google hackers were after password system
The search giant's withdrawal from China was prompted by an attack on the software that runs all its passwords
The attack on Google servers that provoked the company’s withdrawal from China was a concerted attempt to hack into the system upon which Google bases all its passwords, the New York Times has reported.
The programme, called Gaia, was attacked in December, and controls the access for most of Google’s web services, including email and Apps.
A person familiar with the company’s internal investigation told the New York Times that the breach was discovered quickly and no passwords themselves were taken.
The risk, although very small, is that hackers worked quickly and discovered weaknesses of which Google was unaware and has not been able to patch.
Analysts believe this to be very unlikely, however, and Google has since improved its security anyway.
A more remote possibility is that the hackers used the opportunity to insert a new vulnerability into Google’s systems that they could then access themselves at any time.
The attack was started, it is thought, by a link sent through a Microsoft instant messaging service.
The hackers clearly had precise knowledge of who they should target to access the Gaia system, which has only been spoken of in public very rarely.
Google was, however, one of more than 20 companies involved in a spate of attacks; others, sources have suggested, were being routinely hacked over a long period of time, but have yet to speak publicly about it.