Chinese hackers who breached Google reportedly targeted classified data

Breach exposed thousands of surveillance orders for suspected spies, terrorists.

The Chinese hackers who breached Google's corporate servers 41 months ago gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government, according to a published report.

The revelation came in an article published Monday by The Washington Post, and it heightens concerns about the December 2009 hack. When Google disclosed it a few weeks later, the company said only that the operatives accessed Google "intellectual property"—which most people took to mean software source code—and the Gmail accounts of human rights activists.

Citing officials who agreed to speak on the condition that they not be named, Washington Post reporter Ellen Nakashima said the assets compromised in the attack also included a database storing years' worth of information about US surveillance targets. The goal, according to Monday's report, appears to be unearthing the identities of Chinese intelligence operatives in the US who were being tracked by American law enforcement agencies.

The article continued:

It’s unclear how much the hackers were able to discover. But former US officials familiar with the breach said the Chinese stood to gain valuable intelligence. The database included information about court orders authorizing surveillance—orders that could have signaled active espionage investigations into Chinese agents who maintained e-mail accounts through Google’s Gmail service.

“Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country,” said one former official, who, like others interviewed for this article, spoke on the condition of anonymity to discuss a highly sensitive matter. The official said the Chinese could also have sought to deceive US intelligence officials by conveying false or misleading information.

The revelation comes one month after CIO magazine reported that a senior Microsoft official suggested that the hackers behind the Google attack were seeking to identify accounts that were under surveillance by US national security and law enforcement agencies.

"If you think about this, this is brilliant counterintelligence," said David Aucsmith, senior director of Microsoft's Institute for Advanced Technology in Governments. "You have two choices: If you want to find out if your agents... have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case."

The 2009 hack on Google was carried out using a spear phishing e-mail that tricked employees into clicking on a malicious link. The attackers then exploited a then-unknown and unpatched vulnerability in the latest version of Microsoft's Internet Explorer 6 browser, allowing them to remotely control the computers that accessed the drive-by exploit. Some 34 other companies were also targeted in the campaign; Google was the only one of them to publicly acknowledge that it had been hacked.

Left out of Google's disclosure, however, were these crucial details unearthed in Monday's Washington Post article:

As Google was responding to the breach, its technicians made another startling discovery: its database with years' worth of information on surveillance orders had been hacked. The database included data on thousands of orders issued by judges around the country to law enforcement agents seeking to monitor suspects’ e-mails.

The most sensitive orders, however, came from a federal court that approves surveillance on foreign targets such as spies, diplomats, suspected terrorists, and agents of other governments. Those orders, issued under the Foreign Intelligence Surveillance Act, are classified.

The breach prompted deep concerns in Washington. Bureau officials disclosed it to FBI Director Robert S. Mueller III, who in turn briefed President Obama on the matter. The attack also touched off a "heated, months-long dispute between Google and the FBI and Justice Department over whether the FBI could access technical logs and other information about the breach."

Article updated to add detail about IE 6 in third-to-last paragraph.