Cyberattack on Google Said to Hit Password System

The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.

The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.

The new details seem likely to increase the debate about the security and privacy of vast computing systems such as Google’s that now centralize the personal information of millions of individuals and businesses. Because vast amounts of digital information are stored in a cluster of computers, popularly referred to as “cloud” computing, a single breach can lead to disastrous losses.

The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program, according to the person with knowledge of the internal inquiry, who spoke on the condition that he not be identified.

By clicking on a link and connecting to a “poisoned” Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team.

The details surrounding the theft of the software have been a closely guarded secret by the company. Google first publicly disclosed the theft in a Jan. 12 posting on the company’s Web site, which stated that the company was changing its policy toward China in the wake of the theft of unidentified “intellectual property” and the apparent compromise of the e-mail accounts of two human rights advocates in China.

The accusations became a significant source of tension between the United States and China, leading Secretary of State Hillary Rodham Clinton to urge China to conduct a “transparent” inquiry into the attack. In March, after difficult discussions with the Chinese government, Google said it would move its mainland Chinese-language Web site and begin rerouting search queries to its Hong Kong-based site.

Company executives on Monday declined to comment about the new details of the case, saying they had dealt with the security issues raised by the theft of the company’s intellectual property in their initial statement in January.

Google executives have also said privately that the company had been far more transparent about the intrusions than any of the more than two dozen other companies that were compromised, the vast majority of which have not acknowledged the attacks.

Google continues to use the Gaia system, now known as Single Sign-On. Hours after announcing the intrusions, Google said it would activate a new layer of encryption for Gmail service. The company also tightened the security of its data centers and further secured the communications links between its services and the computers of its users.

Several technical experts said that because Google had quickly learned of the theft of the software, it was unclear what the consequences of the theft had been. One of the most alarming possibilities is that the attackers might have intended to insert a Trojan horse — a secret back door — into the Gaia program and install it in dozens of Google’s global data centers to establish clandestine entry points. But the independent security specialists emphasized that such an undertaking would have been remarkably difficult, particularly because Google’s security specialists had been alerted to the theft of the program.

However, having access to the original programmer’s instructions, or source code, could also provide technically skilled hackers with knowledge about subtle security vulnerabilities in the Gaia code that may have eluded Google’s engineers.

“If you can get to the software repository where the bugs are housed before they are patched, that’s the pot of gold at the end of the rainbow,” said George Kurtz, chief technology officer for McAfee Inc., a software security company that was one of the companies that analyzed the illicit software used in the intrusions at Google and at other companies last year.

Rodney Joffe, a vice president at Neustar, a developer of Internet infrastructure services, said, “It’s obviously a real issue if you can understand how the system works.” Understanding the algorithms on which the software is based might be of great value to an attacker looking for weak points in the system, he said.

When Google first announced the thefts, the company said it had evidence that the intrusions had come from China. The attacks have been traced to computers at two campuses in China, but investigators acknowledge that the true origin may have been concealed, a quintessential problem of cyberattacks.

Several people involved in the investigation of break-ins at more than two dozen other technology firms said that while there were similarities between the attacks on the companies, there were also significant differences, like the use of different types of software in intrusions. At one high-profile Silicon Valley company, investigators found evidence of intrusions going back more than two years, according to the person involved in Google’s inquiry.

In Google’s case, the intruders seemed to have precise intelligence about the names of the Gaia software developers, and they first tried to access their work computers and then used a set of sophisticated techniques to gain access to the repositories where the source code for the program was stored.

They then transferred the stolen software to computers owned by Rackspace, a Texas company that offers Web-hosting services, which had no knowledge of the transaction. It is not known where the software was sent from there. The intruders had access to an internal Google corporate directory known as Moma, which holds information about the work activities of each Google employee, and they may have used it to find specific employees.


Magash HaKesef – The Silver Platter

Last Updated on Sunday, 18 April 2010 03:53 Written by bryfy Sunday, 18 April 2010 10:09

On this Yom Hazikaron (Israeli Fallen Soldiers and Victims of Terrorism Remembrance Day) I want to recall an episode from my first trip to Israel, 20 years ago. It was on Kibbutz Yizre’el, where I lived for 6 months, that I met the members of Garin Shakuf (Transparent) – a group of 18 year old Israelis who had volunteered to extend their army service by working both on a kibbutz and serving in the IDF.

Our group of Aussies and Kiwis made friends very quickly with the members of the Israeli garin. What was not to enjoy? Here we were a large group of motivated, passionate, largely ideologically driven, virile, long-haired people living and working together for an extended period of time. We toiled in the fields and factories together, ate in the dining room together and danced and drunk in the pub together. For all intensive purposes we were fast becoming friends. And despite some language barriers there was enough in common – as Jews coming together from different parts of the world that united us all…. [continues via ]


BBC America Shop – Doctor Who: Eleventh Doctor’s Sonic Screwdriver

Yes, everyone needs a Sonic Screwdriver to traverse time and space, but HOW MUCH?! I’m sorry, unless that thing actually reverses the polarity of the neutron flow and has a built in teleportation device… I’m sticking with my $15 10th Doctor’s version. Now on to this week’s adventure to save the universe…

Doctor Who: Eleventh Doctor’s Sonic Screwdriver


You never know when you might need the most versatile tool in the universe! The eleventh Doctor’s multipurpose Gallifreyan device emits luminous green LED light and four different sound effects familiar to Doctor Who fans.

This item has not been rated.

Item Number: 15773

Availability: IN STOCK
Reg. Price: $39.98
Your Price: $34.98


David Mills, Television Writer and Producer, Dies at 48 – Obituary (Obit)

So very sad – such an amazing talent and inspiration – taken far too young OG


David Mills, a former journalist who explored race relations and racial tensions as an Emmy-winning television writer for dramas like “NYPD Blue,” “The Wire” and “Homicide,” died on Tuesday in New Orleans on the set of a new show, “Treme.” He was 48 and had homes in Los Angeles and Silver Spring, Md.


Skip to next paragraph


Andrea Mohin/The New York Times

David Mills, right, working on the HBO mini-series “The Corner” in 2000 with Robert Colesberry, center, and David Simon.

The cause is thought to be a brain aneurysm, said David Simon, the creator of “Treme” and a longtime friend of Mr. Mills’s.

The show, which is set in New Orleans in the aftermath of Hurricane Katrina — the title is the name of a neighborhood, pronounced truh-MAY — is to have its premiere on HBO on April 11. Mr. Simon said Mr. Mills was the supervising writer-producer for a scene being shot at Cafe du Monde in the French Quarter and was sitting in a director’s chair when he suddenly slumped over. He was taken to Tulane Medical Center, where he died without regaining consciousness.

“He was talking to someone who turned away for a minute, and when he turned back, David was just, well, gone,” Mr. Simon said.

Both as a journalist — he worked for The Wall Street Journal, The Washington Times and The Washington Post — and as a television writer, Mr. Mills was most interested in the subject of race. He wrote about its manifestations in music, politics and American culture in general in a forthright style and with a voice that betrayed fascination but no ideology or identifiable bias.

A light-skinned black man whose racial identity was not always evident to those around him, he wrote white characters and black characters with equal zeal, as shown in episodes of “NYPD Blue” featuring the racially insensitive white police officer Andy Sipowicz (played by Dennis Franz) and the often seething black lieutenant Arthur Fancy (James McDaniel). Mr. Mills was able “to travel with great fluidity between worlds and communities,” Mr. Simon said.

Mr. Mills’s blog, which he wrote for the past five years, was called “Undercover Black Man.”

Mr. Mills shared two Emmy awards — one for outstanding mini-series, one for outstanding writing for a mini-series — for his work on “The Corner,” a six-episode drama about a year in the life of a neighborhood in inner-city Baltimore that was based on a book by Mr. Simon and Ed Burns and was shown on HBO in 2000. The relationship of Mr. Mills, Mr. Simon, who is white, and the show’s director, Charles Dutton, who is black, was the subject of an article in The New York Times in 2000, “Who Gets to Tell a Black Story?,” that was part of the paper’s Pulitzer Prize-winning series “How Race Is Lived in America.”

Mr. Mills also wrote for Mr. Simon’s other notable dramas, “Homicide,” set in Baltimore; and “The Wire,” HBO’s taut portrait of that city’s institutions. His other credits included “E.R.,” NBC’s long-running hospital show, and “Kingpin,” a show he created about a drug trafficker that was canceled by NBC after six episodes in 2003.

David Eugene Mills was born in Washington and grew up in the northeast section of the city before a fire forced his family to move to Lanham, Md. He graduated from the University of Maryland at College Park, where he met Mr. Simon while the two worked for The Diamondback, the campus daily newspaper.

After college he worked for The Wall Street Journal in Chicago, but left after a year to return to Washington to write first for The Times and then The Post, where he covered race and popular culture. His interview with the rapper Sister Souljah after the Los Angeles riots of 1992 created headlines when an already incendiary quotation from her — “I mean, if black people kill black people every day, why not have a week and kill white people?” — was cited by an outraged presidential candidate, Bill Clinton.

The same year, Mr. Simon asked Mr. Mills for help in writing an episode of “Homicide,” which was being adapted from Mr. Simon’s nonfiction book about the Baltimore police department’s homicide unit. After the episode, which starred Robin Williams, was broadcast in 1994, Mr. Mills left The Post for Hollywood.

He worked briefly as a story editor for the David Kelley series “Picket Fences,” but his big break came when he read an interview with David Milch, the lead writer of “NYPD Blue,” who said that black writers had a hard time writing for mainstream commercial television. Mr. Mills wrote an arch note to Mr. Milch, who hired him.

For his work on the show, he was nominated twice for Emmys.

Mr. Mills is survived by a brother, Franklin Mills, of Washington, and two sisters, Blanche Carroll, of Peoria, Ariz., and Gloria Johnson, of Charlotte, N.C.

This article has been revised to reflect the following correction:

Correction: April 3, 2010
An obituary on Thursday about David Mills, a television writer who explored racial issues in scripts for “NYPD Blue,”
“Homicide” and other dramas, referred incorrectly to the HBO series “The Wire,” for which he also wrote. It was an urban drama that explored various aspects of Baltimore and its institutions; it was not a “taut prison series.”

Sign in to Recommend More Articles in Arts » A version of this article appeared in print on April 1, 2010, on page A25 of the New York edition.