Google China hackers stole source code - researcher

Wed Mar 3, 2010 4:32pm EST

* Users of hacked PCs had privileged access to source code

* Researcher says hackers stole source code data

* Hackers had opportunity to secretly modify source code

By Jim Finkle

BOSTON, March 3 (Reuters) - The hackers behind the attacks on Google Inc (GOOG.O) and dozens of other companies operating in China stole valuable computer source code by breaking into the personal computers of employees with privileged access, a security firm said on Wednesday.

The hackers targeted a small number of employees who controlled source code management systems, which handle the myriad changes that developers make as they write software, said George Kurtz, chief technology officer at anti-virus software maker McAfee Inc (MFE.N).

The details from McAfee show how the breach of just a single PC at a large corporation can have widespread repercussions across the broader business.

Google said in January that it had detected a cyber attack originating from China on its corporate infrastructure that resulted in the theft of its intellectual property. Google said more than 20 other companies had been infiltrated [ID:nN12133127], and cited the attack, as well as Chinese Web censorship practices, as reasons for the company to consider pulling out of China.

The Chinese government has said that Google's claim that it was attacked by hackers based in China was "groundless."

Kurtz said on Wednesday that he believes that the hackers, who have not been apprehended, broke through the defenses of at least 30 companies, and perhaps as many as 100.

He said the common link in several of the cases that McAfee reviewed is that the hackers used source code management software from privately held Perforce Software Inc, whose customers include Google and many other large corporations.

"It is very easy to compromise the systems," Kurtz said.

Perforce President Christopher Seiwald said McAfee performed its analysis on a version of the Alameda, California-based company's software that had many of its security settings disabled. Customers typically enable those settings, he said.

Kurtz said the hackers succeeded in stealing source code from several of their victims.

The attackers also had an opportunity to change the source code without the companies' knowledge, perhaps adding functions so the hackers could later secretly spy on computers running that software, Kurtz said.

But investigators have yet to uncover any evidence that suggests that they made such changes, he said.

McAfee, the world's No. 2 security software maker, has spent the past few months investigating the attacks. It declined to identify its clients.

Other makers of source code management programs include International Business Machines Corp (IBM.N), Microsoft Corp (MSFT.O) and privately held Serena Software Inc. (Reporting by Jim Finkle; Editing by Richard Chang)

Comments (1)
Rosiemeow wrote:
This is the biggest crock of propaganda ever spewed out of the White House. Google was a major contributor to the Obama campaign. China has the largest Internet population in the world. The *supposed* attack on Google was not sophisticated, if there was one at all which most with half a brain in the US understand. The CIA, SS, APNIC & CERT were all well aware of the so called port scans and “alleged” hacks supposedly originating from “China” and have been so for years, and have done nothing – the block of IP addresses they supposedly came from have contact information that is invalid, and could have easily been set up by anyone, anywhere. APNIC is well aware the IP address is registered with invalid information (FYI, APNIC is in Australia). It is, after all, good for the US economy to sell security software and keep whatever software developers that are left here in the US in work. And why should China worry about it – they do, after all, own 51% of Symantec. The first report of these hacks and scans came from a supposed “Congressional Aide” on some hokey political site over a year ago. This is nothing new. China has the world’s largest Internet population in the world, and Google stands to lose astronomical amounts of potential revenue with porn being their biggest money generating source. Google forgets China is their *customer* and regardless of what WE want and like, it is China’s choice what *they* want and like, and certainly not Hillary Clinton’s. And frankly, China should not and does not care, and will hopefully take it for the stupidity it really is, since there has been NO substantiation to Google’s claim – no details, no information except to say it happened. C’mon now.

Our US Internet infrastructure security is a joke here, in fact if one calls the White House and asks to speak with the “Cyber Czar” office, they will tell you they don’t even know what a cyber czar is. Any offending IP block that’s been scanning ports worldwide can be easily blocked, but have not been. No need to read this whole list – just look at hu is Number One and scroll down to the very bottom to see who is last:

https://www.cia.gov/library/publications/the-world-factbook/rankorder/2187rank.html

Mar 05, 2010 1:28pm EST