Wednesday Jun 19, 2013
|Google China hackers stole source code: Report|
A small number of employees who controlled source code management systems, which handle the myriad changes that developers make as they write software, were targeted said George Kurtz, CTO of McAfee. The details from McAfee show how the breach of just a single PC at a large corporation can have widespread repercussions across the broader business.
Google said in January that it had detected a cyber attack originating from China on its corporate infrastructure that resulted in the theft of its intellectual property. Google said more than 20 other companies had been infiltrated, and cited the attack, as well as Chinese Web censorship practices, as reasons for the company to consider pulling out of China.
Kurtz said on Wednesday that he believes that the hackers, who have not been apprehended, broke through the defenses of at least 30 companies, and perhaps as many as 100. According to him, the common link in several of the cases that McAfee reviewed is that the hackers used source code management software from privately held Perforce Software Inc, whose customers include Google and many other large corporations.
"It is very easy to compromise the systems," Kurtz said.
Perforce President Christopher Seiwald said McAfee performed its analysis on a version of the Alameda, California-based company's software that had many of its security settings disabled. Customers typically enable those settings, he said.
McAfee, has spent the past few months investigating the attacks. It declined to identify its clients.