Google Aurora Hackers May Have Changed Source Code

A recent report by a security firm is claiming that the recent wave of hacking attacks on Google, along with dozens of other firms, pilfered and modified crucial system source code by intruding into the employees' PCs via privileged login credentials.

The hackers actually targeted only a small bunch of employees who were responsible for controlling source code management systems, which control several changes that developers introduce while they write any software, according to George Kurtz, CTO at the security firm McAfee.

The white paper, published by McAfee during RSA security conference in San Francisco, divulges some unexplored details about the recent attacks, codenamed as "Operation Aurora", which impacted as many as 34 companies, such as Google and Adobe, starting from July last year.

Incidentally, McAfee assisted Adobe in investigating the kind of attacks launched on its systems, and even provided crucial details to Google about malware used in exploiting its systems.

Dmitri Alperovitch, McAfee's VP for threat research, described the software configuration management (SCM) systems as the "crown jewels" of the companies.

Along the same line, he said: "No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways -- much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting".

Our Comments

The research study carried out by McAfee demonstrated that how control over a single machine at a big corporation could impact its cyber infrastructure on a larger scale with some devastating effects for the customers, unaware of what's going on in the background.

Related Links

'Google' Hackers Had Ability to Alter Source Code

(Wired)

Google China hackers stole source code - researcher

(Reuters)

McAfee: Source code is easy target within corporations

(CNet)

Google hackers stole valuble source code - McAfee

(China Economic Review)

McAfee Says Hackers Sought Companies' 'Crown Jewels'

(Business Week)