Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aurora Attackers Were Looking For Google's Surveillance Database

Posted by Soulskill on from the go-big-or-go-home dept.

An anonymous reader writes "When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers got their hands on some source code and were looking to access Gmail accounts of Tibetan activists. What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists. Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown. current and former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance."

6 of 81 comments (clear)

  1. Helpful hint. by khasim · · Score: 5, Insightful

    If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.

    1. Re:Helpful hint. by Nidi62 · · Score: 5, Insightful

      Uhm, like General Petraeus, former head of the CIA?

      Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?

      He was a political appointee, what do you expect? He was actually never in any capacity a spy. He was an infantry officer and a teacher more than he was anything else until 2004 and after when he was overall commander of Iraq then Afghanistan. The director of any agency in the US is an administrator above all else.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    2. Re:Helpful hint. by Jah-Wren+Ryel · · Score: 3, Insightful

      If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.

      You are assuming these people were using gmail for clandestine communications. I'm pretty sure even the most basic opsec training would have covered the "don't use email for secret messages" ruie.

      What this looks like is a ruse - agents set up email accounts that are never used for spying purposes but are sufficient to attract exactly the kind of counter-espionage actions of getting the US to spy on the accounts. Then grab the list of accounts the US is spying on because that list is in the hands of google who don't have formal handling procedures for classified information and so are an easy target versus some system behind an air-gap firewall. Tada, now you know which spies have had their covers blown. It doesn't tell you which spies are still safe, but it does give positive confirmation of who has been exposed.

      --
      When information is power, privacy is freedom.
  2. He is that stupid. And so are most people. by girlinatrainingbra · · Score: 1, Insightful

    The director of any agency in the US is an administrator above all else. And he didn't really get any on the job training to be a spy. So he believed all the baloney about using "secret gmail tricks" and the "draft folder" with two people logging into the same account to pass messages back and forth. He certainly wasn't going to trust someone else with his sexual escapades and moral turpitude, was he? It's not like your executive administrative assistant, even at the C.I.A., is trustworthy enough to help you out!!! (so unlike being the president and having the secret service boys know who's been [ahem] servicing you and keeping it confidential still yet...)

    He is that stupid. And so are most people. Every compu-geek is saying, geee why didn't they use P-geeee-pee or Gee-Pee-Gee or one-time-pads, or steganography in images of zebras!!! And people here think that they're a lot smarter than they really are, or probably are. Perhaps myself included! ;>) But hey, I've still got high school to finish and college to get through... Maybe I'll learn something along the way! We may know tech, but we're likely to bungle up other things on the way...

  3. Re: "highering" is right! by s.petry · · Score: 2, Insightful

    While there may be laws on the books in the US protecting citizens from the CIA, NSA, DHS, FBI, etc...(goddamn long list of Govt. agencies) those laws have been ignored for a dozen years. Because people refuse to see it does not make it go away... It just means people can be Ostriches.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  4. Re:Google, Big Brother's Helper ? by Anonymous Coward · · Score: 2, Insightful

    Yeah, man, court's having the authority to make orders for records after a statutorily defined, and constitutionally restricted due process is totally Orwellian.

    (WTF?)

    The FBI can simply issue a National Security Letter, which has no actual review or oversight. You don't have any due process. They are not contestable, and it's illegal to tell anybody including your attorney that you even received one.
    Google is, in fact, one of the companies attempting to challenge these letters in court: http://www.wired.com/threatlevel/2013/04/google-fights-nsl/

    You want Orwellian, you got something pretty damn close right there.