The Chinese hackers who breached Google’s corporate servers 41 months ago gained access to a database containing classified information about suspected spies, agents, and terrorists under surveillance by the US government, according to a published report.
The revelation came in an article published Monday by The Washington Post, and it heightens concerns about the December, 2009 hack. When Google disclosed it a few weeks later, the company said only that the operatives accessed Google “intellectual property”—which most people took to mean software source code—and Gmail accounts of human rights activists.
Citing officials who agreed to speak on the condition that they not be named, Washington Post reporter Ellen Nakashima said the assets compromised in the attack also included a database storing years’ worth of information about US surveillance targets. The goal, according to Monday’s report, appears to be unearthing the identities of Chinese intelligence operatives in the US who were being tracked by American law enforcement agencies.
The article continued:
It’s unclear how much the hackers were able to discover. But former US officials familiar with the breach said the Chinese stood to gain valuable intelligence. The database included information about court orders authorizing surveillance—orders that could have signaled active espionage investigations into Chinese agents who maintained e-mail accounts through Google’s Gmail service.
“Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country,” said one former official, who like others interviewed for this article, spoke on the condition of anonymity to discuss a highly sensitive matter. The official said the Chinese could also have sought to deceive US intelligence officials by conveying false or misleading information.
The revelation comes one month after CIO magazine reported that a senior Microsoft official suggested that the hackers behind the Google attack were seeking to identify accounts that were under surveillance by US national security and law enforcement agencies.
“If you think about this, this is brilliant counterintelligence,” said David Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments. “You have two choices: If you want to find out if your agents… have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case.”
The 2009 hack on Google was carried out using a spear phishing e-mail that tricked employees into clicking on a malicious link. The attackers then exploited a then-unknown and unpatched vulnerability in the latest version of Microsoft’s Internet Explorer 6 browser, allowing them to remotely control the computers that accessed the drive-by exploit. Some 34 other companies were also targeted in the campaign. Google was the only one of them to publicly acknowledge that it had been hacked.