Google's Single Sign-On Password System Gaia Hit by Cyberattack

Google's password system that controls access by millions of users worldwide was recently hit with an attack that roots back to January when data was compromised from sophisticated cyberattacks reportedly originated from China.

Google's prized password system controls access to almost all of the company's Web services, which include business applications and email. The password program, code named Gaia which means Greek goddess of the earth, is used to enable users to sign into several services at once with just one password entry. The cyberattack against this system does not appear to have stolen passwords of Gmail users as Google is quickly making significant changes to the security infrastructure of its networks.

Some computer security experts believe this latest attack on Google could allow attackers to find weaknesses that Google is not yet aware of. This sparks the debate over whether large computing systems that centralize personal information of millions of their users could be a security issue in the near future. Cloud computing is another example of large amounts of personal data stored in a single cluster of computers. Many believe that this could lead to great losses and theft of data if precautions are not taken soon.

The recent attack was initiated by a Google employee in China receiving an instant message using Microsoft's Messenger application. The person has not been identified as of yet but by him/her clicking on a link within a particular instant message, it connected the system to a malicious site and then unknowingly gave the intruders access to the computer. From there the attacker was able to gain access to another group of computers belonging to software developers at Google's headquarters giving the hackers control of software repository used by the development team.

Accusations back in January of Chinese government interaction on the attacks against Google drew a lot of attention. With the latest attack it will only stir the pot even more. Google will not implement an extra layer of encryption as they continue to use the Gaia system or what is now referred to as Single Sign-On.

Although the intent of the attackers is not clear, one of the greater feats of the recent attack against Google is if the hackers may have intended to insert a Trojan horse that could later open up a secret backdoor. Since the cyberattack, Google has reportedly said they have proof of the attack initiating from China. Either way, this obviously does not help any relations between Google and China.