McAfee Claims Google China Attack Caused by Source Code Theft
The Google China debacle – by targeting a small number of employees with privileged access at the China offices of Google Inc and other companies, hackers stole valuable source code that enabled them to carry out the cyber attacks (said McAfee on Wednesday). The specific employees who were targeted were those who controlled the source code management systems that handle the changes that developers make as they write software.
The part of the reason (apart from China’s web censorship practices) for Google pulling out of China, this cyber-attack occurred in January, and resulted in theft of Google’s intellectual property. Google said that more 20 other companies had been infiltrated. McAfee’s CTO, George Kurtz said this figure is inaccurate, and that at least 30 companies were affected, maybe as many as 100. In response, the Chinese government calls these claims of the attack originating in China to be “groundless”.
So, how were a bunch of hackers able to target so many companies in one swift move? Kurtz believes that the common link between all the companies is that source code management software used was made by Perforce Software Inc, which made software for Google and other large corporations, making it “very easy to compromise the systems,” Kurtz said. Perforce Software’s president, Christopher Seiwald, said that these claims by McAfee are taken out of context, and that McAfee had reviewed the systems of Alameda, a California-based company’s software that had many of its security settings disabled, which is unlike other companies, who typically enable those settings. Kurtz goes on to say that the companies will have to review their entire source codes, to see what changes the hackers have made, as they could also have managed to add functions that would enable them to spy or hack into them again.