If you have been wondering how safe cloud computing technologies are for proprietary secrets and sensitive information storage you can draw your own conclusions after reading the following details related to the Google hacking incident in which China is blamed. Whether or not the Chinese government is behind the incident is still unclear and it is appearing to be less of an effort to identify 'human rights' activists in that country than it is an attempt to exploit and steal Google secrets. Still, the real question should be how safe is cloud computing on a global scale?
Yesterday the world finally learned the truth about the attack on Google by Chinese hackers which became public in January, 2010. According to a source within the Google Corporation, who requested his identity remain anonymous, the raid on Google lasted less than two days and took place in December, 2009. According to this source and The New York Times reporter, John Markoff, the theft was not of user accounts in the typical sense. Instead, the theft involved that of a Google Development Team which had vast amounts of proprietary information in the ‘clouds’. Apparently, developers previously used a single password to access a range of services within the Google Developers Intranet and it was this information that was acquired by hackers.
The NYT story reports access was gained when an active link within an instant message sent to a Google employee working in China was clicked. The original IM was sent using Microsoft’s Messenger program and the link connected the employee’s machine to what the article referred to as a “poisoned’ web site. Having gained access to the single machine made it possible for the intruders to gain access to a critical group of software developers at Google Headquarters based on the single login criteria. From there the hackers gained control of a software repository used by the development team. Cloud computing is a new wave in technology that allows software and database records to enjoy centralized storage. These stores of information make it possible for numerous team members around the globe to easily collaborate on projects without the necessity of physical proximity. Cloud computing has also made possible what is known as SaaS. SaaS is an acronym for software as a service.
At Manwaring Web Solutions we believe common sense dictates. Although common sense is often times not so common so we feel it important to warn everyone... in situations where a single breach can result in disastrous losses….never click on a link from an unknown source via email or instant message systems.
This is important so it is worth repeating...
DO NOT CLICK ON AN EMAIL OR INSTANT MESSAGE LINK FROM ANYONE YOU ARE NOT WELL ACQUAINTED.
To finish enlightening you on the Google Theft....
In Google’s case, the intruders seemed to have precise intelligence about the names of the Gaia software developers, and they first tried to access their work computers and then used a et of sophisticated techniques to gain access to the repositories where the source code for the program was stored.
They (intruders) then transferred the stolen software to computers owned by Rackspace, a Texas company. Rackspace, which had no knowledge of the transaction, offers Web-hosting services. It is not known where the software was sent from there. The intruders had access to an internal Google corporate directory known as Moma, which holds information about the work activities of each Google employee, and they may have used it to find specific employees.
Source: http://www.msnbc.msn.com/id/36655005