Cyberattack targeted Google's vast password system

A high-profile cyberattack on Google discovered earlier this year primarily targeted the search giant's complex password system, according to reports.

Hackers in December gained access to that much-protected system, called Gaia, which allows millions to sign in only once to view their accounts across Google services, from Gmail to Google reader. The New York Times first learned of the extent of that breach this weekend, citing only unnamed sources.

From the Times:

The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program, according to the person with knowledge of the internal inquiry, who spoke on the condition that he not be identified.

By clicking on a link and connecting to a “poisoned” Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team.

Those same informants, however, later told the newspaper that it appeared no passwords or other forms of identifiable information had been stolen in the December attack.

Google this weekend declined to comment on the new information, stressing the company felt its "original blog post" on the attack was sufficient. For the most part, Google executives have revealed little about their ongoing investigation of a cyberattack it traced in January to two schools in China, a fiasco that ultimately prompted Google to cease censoring its content in China in violation of Beijing's stiff Web restrictions.