Wednesday, April 21, 2010

More on the Google Hacks

Via Washington Post - Google hackers duped system administrators to penetrate networks, experts say:
The hackers who penetrated the computer networks of Google and more than 30 other large companies used an increasingly common means of attack: duping system administrators and other executives who have access to passwords, intellectual property and other information, according to cybersecurity experts familiar with the cases.
"Once you gain access to the directory of user names and passwords, in minutes you can take over a network," said George Kurtz, worldwide chief technology officer for McAfee, a Silicon Valley computer security firm that has been working with more than half a dozen of the targeted companies.
...

"The bottom line here is if your company has any business dealings with China or has extremely valuable technology or intellectual property, you have a high likelihood of being a target," said Rob Lee, a director with Mandiant, a security firm that is working with some of the targeted companies.

He said he believes the same group or groups that have targeted Google and the other companies have penetrated "hundreds if not thousands" more firms. They target not only system administrators but anyone with privileged access to a company's network, he said.

Also see our post yesterday, Google Password Breach: Reason Anew To Doubt Security in the Cloud? and Dave Bilinsky's similarly-minded commentary at Slaw, Can You be too Paranoid?

- Garry J. Wise, Toronto

Visit our Toronto Law Firm website: www.wiselaw.net

EMPLOYMENT LAWCIVIL LITIGATIONWILLS AND ESTATESFAMILY LAW & DIVORCE

ORIGINALLY POSTED AT WISE LAW BLOGSUBSCRIBE TO WISE LAW BLOG

No comments:

Post a Comment

Readers are solely responsible for the content of the comments they post here. Comments are subject to the site's terms and conditions of use and do not necessarily reflect the opinion or approval of Wise Law Blog and the writers thereof. Readers whose comments violate the terms of use may have their comments removed without notification.