Forgot your password?
typodupeerror
Google China Security The Internet

Aurora Attackers Were Looking For Google's Surveillance Database 81

Posted by Soulskill
from the go-big-or-go-home dept.
An anonymous reader writes "When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers got their hands on some source code and were looking to access Gmail accounts of Tibetan activists. What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists. Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown. current and former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance."
This discussion has been archived. No new comments can be posted.

Aurora Attackers Were Looking For Google's Surveillance Database

Comments Filter:
  • Helpful hint. (Score:5, Insightful)

    by khasim (1285) <brandioch.conner@gmail.com> on Tuesday May 21, 2013 @08:13PM (#43789107)

    If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.

  • Re:Helpful hint. (Score:5, Insightful)

    by Nidi62 (1525137) on Tuesday May 21, 2013 @08:46PM (#43789315)

    Uhm, like General Petraeus, former head of the CIA? [networkworld.com]

    Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?

    He was a political appointee, what do you expect? He was actually never in any capacity a spy. He was an infantry officer and a teacher more than he was anything else until 2004 and after when he was overall commander of Iraq then Afghanistan. The director of any agency in the US is an administrator above all else.

  • Re:Helpful hint. (Score:4, Insightful)

    by Jah-Wren Ryel (80510) on Tuesday May 21, 2013 @09:03PM (#43789423)

    If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.

    You are assuming these people were using gmail for clandestine communications. I'm pretty sure even the most basic opsec training would have covered the "don't use email for secret messages" ruie.

    What this looks like is a ruse - agents set up email accounts that are never used for spying purposes but are sufficient to attract exactly the kind of counter-espionage actions of getting the US to spy on the accounts. Then grab the list of accounts the US is spying on because that list is in the hands of google who don't have formal handling procedures for classified information and so are an easy target versus some system behind an air-gap firewall. Tada, now you know which spies have had their covers blown. It doesn't tell you which spies are still safe, but it does give positive confirmation of who has been exposed.

  • by girlinatrainingbra (2738457) on Tuesday May 21, 2013 @09:23PM (#43789569)

    The director of any agency in the US is an administrator above all else. And he didn't really get any on the job training to be a spy. So he believed all the baloney about using "secret gmail tricks" and the "draft folder" with two people logging into the same account to pass messages back and forth. He certainly wasn't going to trust someone else with his sexual escapades and moral turpitude, was he? It's not like your executive administrative assistant, even at the C.I.A., is trustworthy enough to help you out!!! (so unlike being the president and having the secret service boys know who's been [ahem] servicing you and keeping it confidential still yet...)

    He is that stupid. And so are most people. Every compu-geek is saying, geee why didn't they use P-geeee-pee or Gee-Pee-Gee or one-time-pads, or steganography in images of zebras!!! And people here think that they're a lot smarter than they really are, or probably are. Perhaps myself included! ;>) But hey, I've still got high school to finish and college to get through... Maybe I'll learn something along the way! We may know tech, but we're likely to bungle up other things on the way...

  • by s.petry (762400) on Tuesday May 21, 2013 @09:51PM (#43789773)
    While there may be laws on the books in the US protecting citizens from the CIA, NSA, DHS, FBI, etc...(goddamn long list of Govt. agencies) those laws have been ignored for a dozen years. Because people refuse to see it does not make it go away... It just means people can be Ostriches.
  • by Anonymous Coward on Tuesday May 21, 2013 @10:59PM (#43790167)

    Yeah, man, court's having the authority to make orders for records after a statutorily defined, and constitutionally restricted due process is totally Orwellian.

    (WTF?)

    The FBI can simply issue a National Security Letter, which has no actual review or oversight. You don't have any due process. They are not contestable, and it's illegal to tell anybody including your attorney that you even received one.
    Google is, in fact, one of the companies attempting to challenge these letters in court: http://www.wired.com/threatlevel/2013/04/google-fights-nsl/

    You want Orwellian, you got something pretty damn close right there.

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson

Working...