Back In January Google revealed information about a cyber attack that had been carried out against the company. The information released at that time was scarce but the impact was huge as it made Google rethink its Chinese market strategy when it became clear that China was behind the attacks.
No information was provided how the attack was carried out. Google back then believed that the intention of the attackers was to access Gmail accounts of Chinese human rights activists.
An article in the New York Times (removed because of paywall) yesterday revealed additional information about the attack.
The article describes that the attack began by sending an instant message to a Google China employee who was using Microsoft Messenger. The employee clicked on the link and by doing so connected to a specifically prepared website that gave the intruders access to the personal computer from where they managed to gain access to computers at Google’s headquarters in the US.
Among the data that the attackers managed to steal was a program named Gaia which is also known as Single Sign-On. This program enables Google account owners to sign-on just once to use all Google services.
The attackers could analyze the Gaia source to find new vulnerabilities for future attacks. Google, only hours after the attack, tightened the security of their computer networks and services to prevent further attacks.
What do we learn from this?
- At least some Google employees fall for phishing and other attacks just as easily as the average Internet user.
- The attacks were precise and planned in advance. The attackers knew about their targets and managed to steal information and data.
- That it might be a good idea to change the Google account password.
Users who have not changed the password of their Google account recently might want to consider doing so right now.