As reported on Wired.
BY KIM ZETTER
Hackers who breached Google’s network in 2010 obtained access to the company’s system for tracking surveillance requests from law enforcement, according to a news report.
The hackers gained access to a database that Google used to process court orders from law enforcement agencies seeking information about customer accounts, including classified FISA orders that are used in foreign intelligence surveillance investigations, according to the Washington Post.
The database contained years’ worth of information on law enforcement surveillance surveillance orders issued by judges around the country. The hackers were hoping to discover if law enforcement agents were investigating undercover Chinese intelligence operatives who were working out of the U.S.
The news confirms rumors that circulated at the time of the breach that Google’s hackers had gained access to this system.
“Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country,” a former U.S. official told the Post.
Google stunned the security community in January 2010 when it became the first U.S. company to publicly announce that it had been hacked. The company said at the time that the intruders had stolen source code and were also trying to obtain access to the Gmail accounts of Tibetan activists.
Google wasn’t the only company that was hacked in 2010. Minutes after Google announced its intrusion, Adobe acknowledged in a blog post that it discovered Jan. 2 that it had also been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.” Eventually, reports surfaced that the attackers had targeted more than 30 companies, including financial institutions and defense contractors, seeking source code and other data. The attackers targeted source code management systems, which would have given them the ability to steal source code as well as modify it to make customers who use the software vulnerable to attack.
The sophisticated Google breach was traced to China and prompted Google to announce plans to stop censoring Google search results in that country. The breach also led Secretary of State Hillary Clinton to publicly condemn the intrusion and call on China to explain itself over the breach.
Asked by Wired at the time if its system for processing law enforcement surveillance requests was breached, a Google spokesman declined to answer.
But according to the Post, the breach launched a months-long dispute between Google and the Justice Department over the latter’s request to view logs and other forensic information about the breach. The Postdoesn’t say what Google provided law enforcement.
The news comes weeks after a senior Microsoft official disclosed during a conference presentation last month that Chinese hackers had targeted his own company around the same time that Google had been hacked. He noted that the attackers had been trying to determine which Microsoft accounts were under surveillance by law enforcement. He suggested this had been their goal in hacking Google as well.
“What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on,” David W. Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments, said at the time.
The Post notes that Microsoft disputes that its servers were breached in the 2010 wave of attacks that struck Google and other companies. But Aucsmith never said the company was breached, just that it was targeted, suggesting that an attempt may have been made to breach the system but was either unsuccessful or was caught before the hackers could gain entry.