Home » Google » China’s Hackers Stole Google Source Code: Researcher

China’s Hackers Stole Google Source Code: Researcher

The hackers behind the attacks on Google Inc and dozens of other
companies operating in China stole valuable computer source code by
breaking into the personal computers of employees with privileged
access, a security firm said on Wednesday.

The hackers targeted a small number of employees who controlled source
code management systems, which handle the myriad changes that developers
make as they write software, said George Kurtz, chief technology
officer at anti-virus software maker McAfee Inc.

The details from McAfee show how the breach of just a single PC at a
large corporation can have widespread repercussions across the broader
business.

Google said in January that it had detected a cyber attack originating
from China on its corporate infrastructure that resulted in the theft of
its intellectual property.


Google said more than 20 other companies had been infiltrated, and cited
the attack, as well as Chinese Web censorship practices, as reasons for
the company to consider pulling out of China.

The Chinese government has said that Google’s claim that it was attacked
by hackers based in China was “groundless.” Kurtz said on Wednesday
that he believes that the hackers, who have not been apprehended, broke
through the defenses of at least 30 companies, and perhaps as many as
100.

He said the common link in several of the cases that McAfee reviewed is
that the hackers used source code management software from privately
held Perforce Software Inc, whose customers include Google and many
other large corporations.

“It is very easy to compromise the systems,” Kurtz said. Perforce
President Christopher Seiwald said McAfee performed its analysis on a
version of the Alameda, California-based company’s software that had
many of its security settings disabled.

Customers typically enable those settings, he said. Kurtz said the
hackers succeeded in stealing source code from several of their victims.
The attackers also had an opportunity to change the source code without
the companies’ knowledge, perhaps adding functions so the hackers could
later secretly spy on computers running that software, Kurtz said.

But investigators have yet to uncover any evidence that suggests that
they made such changes, he said. McAfee, the world’s No. 2 security
software maker, has spent the past few months investigating the attacks.

It declined to identify its clients. Other makers of source code
management programs include International Business Machines Corp,
Microsoft Corp and privately held Serena Software Inc. 

 http://www.reuters.com/