Chinese hackers who breached Google gained access to sensitive data, U.S. officials say


By Washington Post-By Ellen Nakashima,

Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about U.S. surveillance targets, according to current and former government officials.

The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies.

It’s unclear how much the hackers were able to discover. But former U.S. officials familiar with the breach said the Chinese stood to gain valuable intelligence. The database included information about court orders authorizing surveillance — orders that could have signaled active espionage investigations into Chinese agents who maintained e-mail accounts through Google’s Gmail service.

“Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country,” said one former official, who, like others interviewed for this article, spoke on the condition of anonymity to discuss a highly sensitive matter. The official said the Chinese could also have sought to deceive U.S. intelligence officials by conveying false or misleading information.

Although Google disclosed an intrusion by Chinese hackers in 2010, it made no reference to the breach of the database with information on court orders. That breach prompted deep concerns in Washington and led to a heated, months-long dispute between Google and the FBI and Justice Department over whether the FBI could access technical logs and other information about the breach, according to the officials.

Google declined to comment for this article, as did the FBI. I wonder why?

Last month, a senior Microsoft official suggested that Chinese hackers had targeted the company’s servers about the same time that Google’s system was compromised. The official said Microsoft concluded that whoever was behind the breach was seeking to identify accounts that had been tagged for surveillance by U.S. national security and law enforcement agencies.

“What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on,” David W. Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments, said at a conference near Washington, according to a recording of his remarks.

“If you think about this, this is brilliant counterintelligence,” he said in the address, which was first reported by the online magazine CIO.com. “You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case.”

Microsoft now disputes that its servers had been compromised as part of the cyberespionage campaign that targeted Google and about 20 other companies. Aucsmith, who cited that campaign in his remarks, said in a statement to The Washington Post that his comments were “not meant to cite any specific Microsoft analysis or findings about motive or attacks.”

Now after reading this article I have a question for you.. Why do so many folks trust their mail and desktop applications to 2 large high profile firms that have already announced that in reality you have no privacy if you use their services, why don’t you just hand them all your confidential documents and forget email just call them up and leave a voicemail. I know this sounds a little jaded but is true.
The biggest domain spammers are Google/Gmail , Microsoft’s hosted outlook, facebookmail.com, yahoo and believe it or not checkpoint.com (Based upon current report form Commtouch)

Tags: , , , , , , , ,

Comments are closed.

%d bloggers like this: