Citing a source close to the investigation, The New York Times is reporting the attack on Google in December hit the company's password system.
New details have leaked out regarding the cyber-attack on Google in December.
According to a report in The New York Times
the attack hit Google's password system, code-named Gaia. The program
is still used under the name Single Sign-On and allows users to sign in
only once with their password to operate e-mail and business
Google disclosed the attack on Jan. 12
announcing it had uncovered "a highly sophisticated and targeted
attack" that also struck numerous other companies as well. According to
Google, the primary goal of the attack
to access the Gmail accounts of Chinese human rights activists, an
effort that failed - though Google has admitted two Gmail accounts
were accessed. The information taken from those accounts, however,
was limited to information such as the date the account was created,
the company has said.
Citing a source close to the investigation, the Times reported the
incident started when a Google employee clicked on a malicious link
sent via instant message. As a result, the computer was infected and
attackers ultimately gained control of a software repository used by
the development team.
The attackers reportedly first tried
access the developers' work computers and then used a "set of
sophisticated techniques to gain access to the repositories where the
source code for the program was stored," the Times reported.
The breach triggered months of controversy that culminated in Google
closing the Chinese version of its search engine and redirecting users
Google spokesperson Jay Nancarrow said the company was not going to comment on the issue beyond what was said in January.