BreachExchange mailing list archives

Hackers Who Breached Google in 2010 Accessed Company’s Surveillance Database


From: Erica Absetz <erica () riskbasedsecurity com>
Date: Tue, 21 May 2013 09:23:00 -0500

http://www.wired.com/threatlevel/2013/05/google-surveillance-database/

Hackers who breached Google’s network in 2010 obtained access to the
company’s system for tracking surveillance requests from law
enforcement, according to a news report.

The hackers gained access to a database that Google used to process
court orders from law enforcement agencies seeking information about
customer accounts, including classified FISA orders that are used in
foreign intelligence surveillance investigations, according to the
Washington Post.

The database contained years’ worth of information on law enforcement
surveillance orders issued by judges around the country.
The hackers were hoping to discover if law enforcement agents were
investigating undercover Chinese intelligence operatives who were
working out of the U.S.

The news confirms rumors that circulated at the time of the breach
that Google’s hackers had gained access to this system.

“Knowing that you were subjects of an investigation allows them to
take steps to destroy information, get people out of the country,” a
former U.S. official told the Post.

Google stunned the security community in January 2010 when it became
the first U.S. company to publicly announce that it had been hacked.
The company said at the time that the intruders had stolen source code
and were also trying to obtain access to the Gmail accounts of Tibetan
activists.

Google wasn’t the only company that was hacked in 2010. Minutes after
Google announced its intrusion, Adobe acknowledged in a blog post that
it discovered Jan. 2 that it had also been the target of a
“sophisticated, coordinated attack against corporate network systems
managed by Adobe and other companies.” Eventually, reports surfaced
that the attackers had targeted more than 30 companies, including
financial institutions and defense contractors, seeking source code
and other data. The attackers targeted source code management systems,
which would have given them the ability to steal source code as well
as modify it to make customers who use the software vulnerable to
attack.

The sophisticated Google breach was traced to China and prompted
Google to announce plans to stop censoring Google search results in
that country. The breach also led Secretary of State Hillary Clinton
to publicly condemn the intrusion and call on China to explain itself
over the breach.

Asked by Wired at the time if its system for processing law
enforcement surveillance requests was breached, a Google spokesman
declined to answer.

But according to the Post, the breach launched a months-long dispute
between Google and the Justice Department over the latter’s request to
view logs and other forensic information about the breach. The Post
doesn’t say what Google provided law enforcement.

The news comes weeks after a senior Microsoft official disclosed
during a conference presentation last month that Chinese hackers had
targeted his own company around the same time that Google had been
hacked. He noted that the attackers had been trying to determine which
Microsoft accounts were under surveillance by law enforcement. He
suggested this had been their goal in hacking Google as well.

“What we found was the attackers were actually looking for the
accounts that we had lawful wiretap orders on,” David W. Aucsmith,
senior director of Microsoft’s Institute for Advanced Technology in
Governments, said at the time.

The Post notes that Microsoft disputes that its servers were breached
in the 2010 wave of attacks that struck Google and other companies.
But Aucsmith never said the company was breached, just that it was
targeted, suggesting that an attempt may have been made to breach the
system but was either unsuccessful or was caught before the hackers
could gain entry.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list