I felt a strange presence after reading about the HACKS made against GOOGLE over the past years. I always imagine Google as a big, massive ball of fire that engulfs you with its flame (look what happened to Yahoo?). However, in the back of my mind a doubt keeps recurring, just as it does for some of the millions of citizens in this cyberspace arena. They, too, would like to know the answer to this simple question:
“What will Google do if it’s hacked?”
So, I did a little research and, to my delight, www.itsecurity.com revealed a list of the top 6 hacks made to Google over the past years.
So BELIEVE IT OR NOT here they are! (In no particular order)
1. Google’s Click-to-Call project mysterious post
In October 2006, a mysterious post about Google’s Click-to-Call project appeared on the official Google blog. The post said that Google had made a decision to cancel a joint project with eBay because it would be “a monopolistic approach that would damage small companies in the CRM area.” After noticing it, Google made sure that the post was taken down.
Karen Wickre, of the Google Blog team, wrote a response to address the issue in “About that fake post”. Wickre notes that a Blogger “bug,” also known as a security problem, was to blame for enabling the unauthorized post. She reported that the bug was fixed, but did not offer any other details about the breach.
Doesn’t sound really nasty. Just a “little” post like that? It’s possible that it’s only a “prank” or an inside job by a Google employee who is part of the GOOGLE-CLICK-PROJECT. Anyway, for sure the geeks of Google security raised the grade of their lenses another notch to keep that “mystery” from happening again. Who knows what could have happened if that “blog post” had synced to the majority of eBay’s members?
2. AdWords Account Hacked
In April 2007, AdWords accounts were hacked. Somehow, a malicious file was installed on users’ systems. This file was used to steal the users’ AdWords passwords and gain access to their accounts. The program then set up ads that changed the users’ AdWords campaigns. Most notably, the changes included setting up links that would install a post logger, a type of malware, on the computer of anyone who clicked the link. The malicious program also modified credit card information and prevented the users’ computers from accessing AdWords to see all of the changes on their accounts.
Google responded to the attack by reporting that they had canceled the accounts that were compromised and assured users that they were taking the steps necessary to keep something like this from happening again. Google also encouraged users to keep their computer’s security up to date as the vulnerability was only successful because victims had not incorporated recent patches into their Internet Explorer browsers.
For people who still don’t know what AdWords is: it’s one of the preferred ways for companies and freelance publishers to advertise their websites and drive more traffic. It’s said that having more traffic MEANS more cash.
If Google AdWords is breached, then it’s highly possible that accounts, along with their connected credit card information, were stolen by this MALWARE too. Now the problem is:
GOOGLE RESPONDED BY CANCELLING THE ACCOUNTS THAT WERE COMPROMISED?
I just hope Google checked those innocent accounts first, before CLOSING them! Not all people who use AdWords have big money in their wallets. There should be some sort of compensation given to the victims, equal to what was stolen from them, if anything was. Not cancellation of accounts. What if this hack happens again (I hope not)? Will Google just automatically close accounts? Doesn’t sound fair, right?
3. Oops! Google Deletes itself twice!
In March 2006, a Digg user claimed that his friend hacked the official Google blog. The “hacker” left a post on a blog at Google’s address. The post explains how he was able to gain access: the Google blog would not come up, so the poster attempted to register the name and it worked. Of course, on Digg, he claims to have figured out the password. These two stories do not correlate, but to determine how they match up would be irrelevant, considering that the post did not constitute a real hack. Jason Goldman, Google’s Blogger Product Manager, posted “And we’re back,” explaining that Google had accidentally deleted their own blog. D’oh! This left it open to be claimed by the poster. He clarifies that the unauthorized post “was not a hack, and nobody guessed [Google’s] password.”
Unfortunately, Google did not learn anything from this experience. In April 2007, a post on the Google Mac blog suggests that it, too, was taken over in the same way. Poster “Vishal” writes, “Yo! This is crazy…I tried to register this and I could!” The post was deleted and things are again back to normal for the Google Mac blog. So far, Google has not acknowledged or offered an explanation for this post, but it seems safe to assume that the Google Mac blog was accidentally deleted, and thus left open to registration by the general public. Again.
I know it’s not every day that Google is hacked. So once a certain “dude” manages to get inside Google’s private area, be it a blog, a forum, etc., it’s a BIG DEAL, and their egos rise faster than a bazooka. I guess we can’t blame these folks. For what it’s worth, they just HACKED BIG G. I only noticed one thing:
Why did the hack REPEAT itself in April 2007?
Did Google pay any attention at all? Maybe it’s only a simple “hack-a-blog”, but for some users, feeling that their accounts are unsafe makes them really ticked!
4. In the Cookie Jar
Imagine this: a hacker sets up a Web site with script designed to steal your google.com cookies. Then, they submit this Web site to Digg or Slashdot under the premise that it’s a hot story. Any person who visits that site with active google.com cookies could end up with compromised cookie information, allowing the hacker access to their Gmail, search history, documents and more. It’s a frightening story, and one that could have happened had a white hat hacker not discovered the security hole first.
Tony Ruscoe of Google Blogoscoped discovered a vulnerability in Blogger’s custom domain service. This vulnerability, he noticed, left users open to cookie security problems. He realized that if someone were to enter a Google subdomain as their Blogger custom domain, it would work as long as Google hadn’t already set up a blog at that particular address. Here’s the kicker: using the Google subdomain would allow the owner of the Web site to read and write google.com cookies. Yes, the cookies that hold personal information, including passwords.
Google Security quickly wiped out Tony’s proof of concept page and redirected erroneous subdomains to a “blog not found” page. As a result, presumably, Blogger no longer allows any Google domains to be entered in Blogger’s custom domain function. Hopefully Google has thanked this white hat hacker for exposing this vulnerability before it got into the wrong hands and enabled a serious breach of user privacy. The results of this hole could have been catastrophic.
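Why a page hosted on any unclaimed Google subdomain would receive google.com cookies, and what the fix described above looks like as a validation check. This is an added example, not code from Google or from the original article; the function names, the `RESERVED_PARENTS` list and the sample cookie jar are assumptions made for illustration.

```javascript
'use strict';

// RFC 6265 domain matching: a host matches a cookie domain when it is
// identical to it or ends with "." + that domain.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase().replace(/\.$/, '');
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Names of the cookies a browser would attach to a request for `host`.
// Host-only cookies (set without a Domain attribute) go back only to the
// exact host that set them; Domain cookies go to every matching subdomain.
function cookiesSentTo(host, jar) {
  const h = host.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? c.domain === h : domainMatches(h, c.domain)))
    .map(c => c.name);
}

// The mitigation: refuse custom domains that sit inside a reserved parent.
// RESERVED_PARENTS is an assumed, illustrative list.
const RESERVED_PARENTS = ['google.com', 'blogger.com'];

function isAllowedCustomDomain(requested) {
  const host = String(requested).trim().toLowerCase().replace(/\.$/, '');
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(host)) return false; // not a hostname
  return !RESERVED_PARENTS.some(parent => domainMatches(host, parent));
}

// Constructed sample jar; these are not real Google cookie names.
const sampleJar = [
  { name: 'session', domain: 'google.com', hostOnly: false },      // Domain=google.com
  { name: 'mailOnly', domain: 'mail.google.com', hostOnly: true }, // no Domain attribute
];

console.log(cookiesSentTo('unclaimed.google.com', sampleJar));   // [ 'session' ]
console.log(isAllowedCustomDomain('unclaimed.google.com'));      // false
console.log(isAllowedCustomDomain('blog.example.org'));          // true
console.log(isAllowedCustomDomain('google.com.example.org'));    // true
```

The check compares whole DNS labels, so `notgoogle.com` and `google.com.example.org` are still accepted while every real subdomain of a reserved parent is refused.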
It’s said that a WHITE HAT HACKER found this LOOPHOLE. Try to imagine how many BLACK HAT HACKERS abused this bug before it was discovered. Lucky for us, our Gmail accounts are still here and remain untouched.
Google should not only thank this white hat hacker but should also create an open-source group for white hat hackers to check for loopholes in their systems.
FYI: There are millions of forums today discussing how to exploit/hack Google. These people are ready to go without eating or even sleeping just to accomplish their black propaganda. I hope BIG G is paying attention to this one.
5. Gmail Contact List Hijacking
Because this vulnerability was exposed with Gmail in beta, Google did not have to report it. However, numerous blogs picked up the story, as well as Digg and Slashdot. Google fixed the problem about 30 hours after being notified. Perhaps security issues like this are the reason why Gmail is still in beta.
My reply: This is one of the reasons why we, of all people, should understand that online, the term “100% SECURITY” is absurd and a hazy manifestation of what is really happening.
6. Lots of Hype, No Hack
In May 2005, users who visited Google Search came upon an unexpected surprise: it wasn’t there. To top this disheartening experience off, there were quite a few reports of a website, SoGoSearch, showing up instead. Not surprisingly, the blogosphere reacted, initially reporting that Google’s domain was hijacked. As the story unfolded, it became apparent that Google was not hacked. Rather, they were experiencing problems with their DNS. As for the SoGoSearch Web site, experts explain that browsers redirected to it when they were unable to find google.com. SoGoSearch has the domain name google.com.net.
My reply: Imagine that happening again, with the redirection going to another “SOGOSEARCH”, but this time that SOGOSEARCH is a hacking website that steals the information of people who visit it via their cookies. It’s just a possibility, but one that seems very disturbing if it becomes reality!
Today, Google is the most preferred way of searching the internet. Billions of people rely on Google’s service. Just a simple “glitch” could lead to an immense catastrophe if Google is infiltrated by yet another “web-crook”.
(sources: itsecurity, google)