Google Hackers Used Social Engineering Tricks To Carry Out Attacks

McAfee, one of the world’s leading antivirus software and computer security companies, has claimed that the hackers which were responsible for the cyber attack on Google and several other US-based companies first ran a highly sophisticated reconnaissance on some of the employees at Google and might have impersonated their friends on some social networking sites.

McAfee’s Chief Technology Officer George Kurtz announced that the hackers used complex social engineering techniques and advanced reconnaissance techniques to specifically target those individuals which had access to sensitive company information.

Explaining the tactic used, Kurtz mentioned “Speaking generically, we're seeing a lot more targeted attacks where people focus on [employees with] the highest set of privileges, and then work backwards, gaining access to secondary parties to get to the primary source.”

If what Kurtz is saying is true then it means that hackers had to first compromise and manipulate social networking accounts of friends of some Google employees.

The targeted employees then received links to malicious websites from the compromised accounts, which they went on to click as they believed that those links were sent by a friend.

However, the CTO of McAfee believes that this cyber attack on privately held companies by the government of another country proves that global cyber wars have attained a whole new level.

Our Comments

But, in the future, companies that boast of high security measures are likely to step-up their cyber security walls in order to prevent further attacks of similar kind. That might or might not include much stricter access to social networking websites and communicating with persons outside a security perimeter.

Related Links

Report: Attackers sent Google workers IMs from 'friends'

(Cnet)

Hackers ran detailed reconnaissance on Google employees

(V3)

Friends Of Google Workers Attacked By Hackers (GOOG, ADBE, MFE)

(Benzinga)

What Google Attacks Can Teach the Enterprise

(PC World)