Google China hackers stole source code - researcher
* Users of hacked PCs had privileged access to source code
* Researchers says hackers stole source code data
* Hackers had opportunity to secretly modify source code
By Jim Finkle
BOSTON, March 3 (Reuters) - The hackers behind the attacks on Google Inc (GOOG.O) and dozens of other companies operating in China stole valuable computer source code by breaking into the personal computers of employees with privileged access, a security firm said on Wednesday.
The hackers targeted a small number of employees who controlled source code management systems, which handle the myriad changes that developers make as they write software, said George Kurtz, chief technology officer at anti-virus software maker McAfee Inc MFE.N.
The details from McAfee show how the breach of just a single PC at a large corporation can have widespread repercussions across the broader business.
Google said in January that it had detected a cyber attack originating from China on its corporate infrastructure that resulted in the theft of its intellectual property. Google said more than 20 other companies had been infiltrated [ID:nN12133127], and cited the attack, as well as Chinese Web censorship practices, as reasons for the company to consider pulling out of China.
The Chinese government has said that Google's claim that it was attacked by hackers based in China was "groundless."
Kurtz said on Wednesday that he believes that the hackers, who have not been apprehended, broke through the defenses of at least 30 companies, and perhaps as many as 100.
He said the common link in several of the cases that McAfee reviewed is that the hackers used source code management software from privately held Perforce Software Inc, whose customers include Google and many other large corporations.
"It is very easy to compromise the systems," Kurtz said.
Perforce President Christopher Seiwald said McAfee performed its analysis on a version of the Alameda, California-based company's software that had many of its security settings disabled. Customers typically enable those settings, he said.
Kurtz said the hackers succeeded in stealing source code from several of their victims.
The attackers also had an opportunity to change the source code without the companies' knowledge, perhaps adding functions so the hackers could later secretly spy on computers running that software, Kurtz said.
But investigators have yet to uncover any evidence that suggests that they made such changes, he said.
McAfee, the world's No. 2 security software maker, has spent the past few months investigating the attacks. It declined to identify its clients.
Other makers of source code management programs include International Business Machines Corp (IBM.N), Microsoft Corp (MSFT.O) and privately held Serena Software Inc. (Reporting by Jim Finkle; Editing by Richard Chang)
- Tweet this
- Share this
- Digg this