Gaia compromised

Google Attackers Gained Access to Computer Code

By BEN WORTHEN And JESSICA E. VASCELLARO

Attackers who breached Google Inc.'s systems last year gained access to computer code for the software that authenticates users of Google's email, calendar and other online programs, according to a person familiar with the matter.

The code was contained in a repository that contained code for Google's online applications and was also breached, this person said.

The disclosure comes as much about the nature of the attacks and the perpetrators behind it remain unclear. Google, which disclosed the attacks in January, opted following the incident to shut down its censored search service in China.

Security experts had previously uncovered evidence that the attackers had stolen some source-code from the company, by exploiting a security flaw in Microsoft Corp's Internet Explorer.

More

• Countries Criticize Google for Privacy Abuses

• Tech Firms Scramble to Secure Cloud

A Google spokeswoman Monday declined to comment beyond the company's initial statement on the attacks, which said that some of the company's intellectual property was stolen and that it believed the attack originated from China.

Chinese officials have denied that their government is responsible.

At the time, Google said it believed that the attackers were trying to access the Gmail accounts of Chinese human rights activists. The company said that it had traced the attacks to China. It said that only two Gmail accounts appear to have been accessed and that activity was limited to account information not the content of the emails. The company added that it had enhanced its security.

The person familiar with the matter said that the attackers gained access to Google's computer code by compromising a workstation used by a Google engineer.

Google's password-management system, known as Gaia, does not store passwords or user information; rather it is the instructions that allows Google to recognize when a Google users already logged into one service, like Gmail, tries to log into another. Gaining access to the system is the equivalent of learning how to operate a filing system, and not accessing the information contained inside, the person familiar with the matter said.

The New York Times reported earlier that Google's password system had been breached.

View Full Image

Getty Images

The disclosure comes as Google has been grappling with the fallout from its decisions to stop censoring its search engine in response to attack. The company began routing searchers in mainland China to an uncensored version of its search engine based in Hong Kong in March. Since then, some services have experienced a range of intermittent blockages.

Perpertrators of the attacks have not been identified. But some security experts suspect a group of attackers that has penetrated hundreds more companies since Google went public with its attacks in January. "The exact same group has been exceptionally active," said one person familiar with the attacks Google announced.

The group, which is believed to be Chinese and has been identified by investigators by its attack methods, has broadened its victims to include law firms and utility companies, this person said. It's been penetrating companies at a rate of at least 20-50 new companies a week, this person added.

—Siobhan Gorman contributed to this article.

Write to Ben Worthen at ben.worthen@wsj.com and Jessica E. Vascellaro atjessica.vascellaro@wsj.com