Skip to main content

China's Hackers Stole Google Source Code: Researcher



The hackers behind the attacks on Google Inc and dozens of other companies operating in China stole valuable computer source code by breaking into the personal computers of employees with privileged access, a security firm said on Wednesday.

The hackers targeted a small number of employees who controlled source code management systems, which handle the myriad changes that developers make as they write software, said George Kurtz, chief technology officer at anti-virus software maker McAfee Inc.


The details from McAfee show how the breach of just a single PC at a large corporation can have widespread repercussions across the broader business.


Google said in January that it had detected a cyber attack originating from China on its corporate infrastructure that resulted in the theft of its intellectual property.


Google said more than 20 other companies had been infiltrated, and cited the attack, as well as Chinese Web censorship practices, as reasons for the company to consider pulling out of China.


The Chinese government has said that Google's claim that it was attacked by hackers based in China was "groundless." Kurtz said on Wednesday that he believes that the hackers, who have not been apprehended, broke through the defenses of at least 30 companies, and perhaps as many as 100.

He said the common link in several of the cases that McAfee reviewed is that the hackers used source code management software from privately held Perforce Software Inc, whose customers include Google and many other large corporations.

"It is very easy to compromise the systems," Kurtz said. Perforce President Christopher Seiwald said McAfee performed its analysis on a version of the Alameda, California-based company's software that had many of its security settings disabled.

Customers typically enable those settings, he said. Kurtz said the hackers succeeded in stealing source code from several of their victims. The attackers also had an opportunity to change the source code without the companies' knowledge, perhaps adding functions so the hackers could later secretly spy on computers running that software, Kurtz said.

But investigators have yet to uncover any evidence that suggests that they made such changes, he said. McAfee, the world's No. 2 security software maker, has spent the past few months investigating the attacks.

It declined to identify its clients. Other makers of source code management programs include International Business Machines Corp, Microsoft Corp and privately held Serena Software Inc. 


 http://www.reuters.com/
 

Comments

Popular posts from this blog

Pakistani JF-17 A Thunder OR A Blunder

Pakistan has witnessed new defense acquisitions in this decade than any other, and in the center of it all is the new fighter which was designed by China with partial funding from Pakistan. It is formally known as JF-17 Thunder. When the fighter was in development, Pakistani online communities were jumping with excitement comparing it with its arch rival India’s modern combatants Su-30MKI, Mig-29S & Mirage-2000H. There were claims of it featuring western Radars and long range missiles, & Chinese ordering some due to its superior capabilities. But the reality is far from it. China having spent significant amount of money into a fighter which it is never going to use, most probably forced Pakistan to accept its avionics to offset some its development costs. Chinese who are known for their self reliance first and quality next, are further downgrading JF-17s capabilities with their poorly copy-pirated avionics. Along with their dubious weapons, any chance of JF...

India Planned Attack On Pak Navy Mehran Base To Kill Chinese Engineers

The terrorist attack on Karachi's Mehran Naval Station on May 22 was conceived and launched by India with the primary objective of killing the Chinese engineers present there, a Pakistani newspaper has claimed, citing 'informed sources'. Four to six Taliban terrorists had entered PNS Mehran on May 22, destroying two maritime surveillance aircraft and killing ten military personnel during their 17-hour siege of the naval air base. "India is the only country in the region that feels troubled by the Pakistan Navy, which had awfully beaten the Indian Navy in Operation Dwarka of 1965. Since then, it has been an earnest desire of India to harm the Pakistan Navy but it was perhaps not possible on the battle front, hence it struck the PNS Mehran," The News quoted sources as saying.

Pakistani F-16s Shoot Down RAF Eurofighter Typhoons During Air Combat Exercises In Turkey

Pakistani pilots flying modernised versions of the 1970s-vintage F-16 Falcon fighter have beaten the RAF's brand-new Eurofighter Typhoon superfighters during air combat exercises in Turkey, according to a Pakistani officer. Analysis: The RAF Typhoon, formerly known as the Eurofighter, should nonetheless have been vastly superior in air-to-air combat whether BVR or close in within visual range (WVR). The cripplingly expensive, long-delayed Eurofighter was specifically designed to address the defects of its predecessor the Tornado F3 – famously almost useless in close-in, dogfighting-style air combat. The Typhoon was meant to see off such deadly in-close threats as Soviet "Fulcrums" and "Flankers" using short-range missiles fired using helmet-mounted sight systems: such planes were thought well able to beat not just Tornados but F-16s in close fighting, and this expectation was borne out after the Cold War when the Luftwaffe inherite...