The recent Chinese cyber offensive against Google may have also compromised a password system that controls access to almost all the company’s web services, including e-mail and business apps.
According to the New York Times, the program – code-named Gaia for the Greek goddess of the earth – was attacked in a “lightning raid” in December 2009.
“Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services,” explained John Markoff of the New York Times.
“The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions.”
However, Google continues to use the Gaia system, which has been renamed “Single Sign-On” and features new layers of encryption for its Gmail service.
The company has also increased the security of its data centers and upgraded the secure communications links between its services and external computers.
Nevertheless, the above-mentioned breach could allow hackers to discover additional weaknesses in current and future iterations of Google’s password system.
“It’s obviously a real issue if you can understand how the system works,” acknowledged Rodney Joffe, a VP at Neustar.
“Understanding the algorithms on which the software is based might be of great value to an attacker looking for weak points in the system.”