Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aurora Attackers Were Looking For Google's Surveillance Database

Posted by Soulskill on from the go-big-or-go-home dept.

An anonymous reader writes "When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers got their hands on some source code and were looking to access Gmail accounts of Tibetan activists. What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists. Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown. current and former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance."

5 of 81 comments (clear)

  1. Helpful hint. by khasim · · Score: 5, Insightful

    If you're a spy or diplomat or whatever, don't use Gmail. At the very least it is subject to the US government's laws. Get yourself a secured server somewhere else.

    1. Re:Helpful hint. by iggymanz · · Score: 5, Informative

      nonsense, overt communication of misinformation is a time honored counterintelligence technique. Real messages can also be covertly conveyed in the same channel

    2. Re:Helpful hint. by Nidi62 · · Score: 5, Insightful

      Uhm, like General Petraeus, former head of the CIA?

      Seriously, if our head of the top spy agency in this country is that stupid, how stupid do you think the rest of the diplomatic or legislative folks are in DC?

      He was a political appointee, what do you expect? He was actually never in any capacity a spy. He was an infantry officer and a teacher more than he was anything else until 2004 and after when he was overall commander of Iraq then Afghanistan. The director of any agency in the US is an administrator above all else.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    3. Re:Helpful hint. by RMingin · · Score: 5, Interesting

      Steganography plus photos of the "kids".

      Last word of every sentence plus a one time pad (NEVER EVER REUSE ONE TIME PADS. IT'S IN THE FUCKING NAME.).

      Simple coded phrases that seem innocuous. The garbage can spilled again. You need to stop letting that dog off the leash! I miss you and can't wait to see you next weekend. I want to do dinner at that Szechuan place again, I think it's gotten better.

      There are plenty of uses for an email account in intel/cointel. Sending plaintext messages over an uncontrolled service just isn't one of them.

      When in the field on an operation without official cover, the agent should assume that all actions and responses are monitored by the local and national cointel groups at all times. Communications should be deniable and overt. Email and public message boards are ideal, as they are fully deniable. The days of taping a tiny cannister full of microfiche to the bottom of a park bench ended forty-plus years ago. It's not hard to run deniable covert operations, you just need to be somewhat intelligent, recruit people who are likewise not stupid or lazy, and NEVER EVER take things for granted or relax.

      --
      The preceding comment is my own, and in no way construes an opinon of the Emperor of Mankind.
  2. Google the biggest fighter against govt data reque by raymorris · · Score: 5, Interesting

    The government certainly finds it useful to get search warrants and such to look at suspect's email, including gmail.
    That's very much not Google's doing. Google does more than any other company, probably any company in history, to fight against that.
    By law, they are required to honor National Security Letters asking them to give up information. Their policy is to refuse to provide the
    information, even though the law (since 1978) says they have to hand over the information. Google claims the law is unconstitutional and
    therefore void. In Doe versus Ashcroft, the judge agreed. (Courts have gone both ways.)

    Just two weeks ago Google filed suit to have these information requests ruled unconstitutional:
    https://www.documentcloud.org/documents/680852-googlemotion.html

    They are the only company I know of which publicizes how many supeonas and national security letters they get. That itself is thumbing their nose at the
    FBI because those letters include a gag order saying Google isn't allowed to talk about them. (Which is why their name wasn't made public in Doe v Ashcroft,
    they aren't allowed to reveal the things they revealed in that suit. (It's a pretty safe assumption that Doe was Goog.)

    Google has founded an organization to protect their users from such government intrusion and regularly funds other organizations with the same goal.
    No doubt, Google wants to HAVE information about you, but they do everything they can to avoid sharing that data with the government, with their
    executives actually risking jail time for openly defying the laws requiring them to give up the info. You can't possibly ask them to do more than that.