Google's universal sign-on service "Gaia" compromised in Chinese hacks?

General April 21, 2010 at 9:51 AM

Google’s high profile war of words with China has garnered much public attention but the underlying cause of the dispute — the alleged hacking of Google by Chinese individuals, possibly with government sanction, has stayed quietly under the radar. A source with knowledge of Google’s internal investigation revealed to the NY Times that one of the targets of the attack was Google’s universal login system known as “Gaia”. Though you may not be familiar with the name, every Android-toting, Gmail-checking Google user is familiar with the system. Gaia, now known as “Single Sign-On”, is the password and login system that powers Google’s universal login and lets you read your feeds in Reader, analyze your website traffic, and check your Gmail using a single, simultaneous login. No passwords or accounts were compromised but the hackers allegedly obtained some, if not all, of the source code for this password/login system. Google declined to comment on this latest leaked information and towed the company line by re-affirming that it has dealt with all the security issues associated with this attack. We don’t need to elaborate on the potential ramifications this revelation has on the perceived security of Google’s cloud system; we can let you do that in the comments.

Read

Tags:: China, Google, Hacks, Login, Password, Security, Single Sign-On

dave

this story is almost 3 days old tho….?
http://grrargh.com seriously

any good security system should retain its value even when the system is publicly known.

this is why RSA is a publicly known crypto-system, for example.

chinese hackers having a copy of google’s code might expedite their attempts to break in, but given google’s talent pool the code is likely clean and well written: it should be safe even with public knowledge of how it works.

skyy_flyer

Couldn’t have said it any better. Just because you know HOW something works, doesn’t mean you can duplicate or break it. Just like everyone past jr high science courses know that a nuke is simply a collission of two pieces of radioactive material, but not so easy to make them go critical mass, hence why the whole “terrorists getting a nuke” is a overblown hype machine for news ratings. So I ain’t too worried about Google being compromised.

windontree

the Chinese basically riding the coat tails of the “Capitalists” to make a lot of money for themselves now has the gall of trying to undermine the open (“Capitalist’) systems that helped put them in such good financial standing.

this is not a War they want to start, for in the end, their basic disdain for open and honest relationships will do them in.

fraud, incompetence, dishonesty, bureaucracy, intolerance, arrogance etc etc are the real hallmarks to their neo-maoist society.
Celz

I wonder at what point the Us govt will have to get involved.. Im not particularly thrilled about a country letting loose legions of cyber thugs on one of americas most important companies. One that holds me and my families info..
Mr. Anderson

Isn’t the US govt already involved, Celz? I believe Google asked the NSA for help right after the hack. BG had a story on it about a month & a half ago.

Que???

Yea the NSA did get involved, however, the depth of their involvement was kept quite.

Dan

Reading this discourages me quite a bit. I was actually victim to having my Google account hacked last week and according to the log in history in Gmail it originated in China. Thankfully they only sent 1 email to all my contacts with a spam link and were not able to reset my password or info before I noticed what happened.

Que???

How (specifically) were you able to determine the hack was from China?

eloscurosecreto

Good questions, what logs are you talking about?
Corey

I think you are looking for the Last account activity link at the bottom of your inbox in Gmail.

(And before you ask: no, it is not possible to get anything older than the last 5 logins.)

RTS

I hope Google takes the best strategy of going on the offense and not just relying on defense.
NuShrike

Related to recent Gmail account compromises? http://www.pcworld.com/businesscenter/article/194635/drugdealing_spammers_hit_gmail_accounts.html
Killah kyle

China needs a lesson. A few nukes should solve the problem

Php

nukes? this all what you think of? believe me if America goes and attack china with a nuke. you think china does not have the capability to retaliate back? and what will be the outcome of that now? war and war. us humans are a self destructing race. we will be our own end.

Hubs

Apple

Android

Mobile

Business

Related Articles

Hubs

Apple

Android

Mobile

Business