Sign In

Communications of the ACM

ACM News

Fearing Hackers Who Leave No Trace

View as: Print Mobile App Share:

The crown jewels of Google, Cisco Systems or any other technology company are the millions of lines of programming instructions, known as source code, that make its products run.

If hackers could steal those key instructions and copy them, they could easily dull the company’s competitive edge in the marketplace. More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its customers did with the software.

The fear of someone building such a back door, known as a Trojan horse, and using it to conduct continual spying is why companies and security experts were so alarmed by Google’s disclosure last week that hackers based in China had stolen some of its intellectual property and had conducted similar assaults on more than two dozen other companies.

“Originally we were saying, ‘Well, whoever got it has the secret sauce to Google and some 30 other California companies, and they can replicate it,’ ” said Rick Howard, director of security intelligence at VeriSign iDefense, which helped Google investigate the Chinese attacks. “But some of the more devious folks in our outfit were saying, ‘Well, they could also insert their own code — and they probably have.’ ”

For example, a foreign intelligence agency might find it extremely useful to know who was asking particular questions of Google’s search engine.

Security researchers took particular interest in the fact that the Silicon Valley company Adobe Systems was one of the companies hit by the recent wave of attacks.

From The New York Times
View Full Article


No entries found