Cyberattack Targeted Google Password System

The mysterious January Internet attack against Google included an attempt to hack a vital company-wide password system, according to a source with direct knowledge of the investigation who spoke on background with The New York Times. The system is said to control user access to most of Google's Web services, e-mail and business applications.

The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.

The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.

The new details seem likely to increase the debate about the security and privacy of vast computing systems such as Google's that now centralize the personal information of millions of individuals and businesses. Because vast amounts of digital information are stored in one place, popularly referred to as "cloud" computing, a single breach can lead to disastrous losses.

When news of the attack initially became public, it soon led to a months-long row between Google and China, ultimately resulting in a decision by the company to reroute search queries to  its Hong Kong site. The Times reports that investigators believe that the origin of the attack, once thought to center at two campuses in China,  "may have been concealed."