According to the NY Times, the source code for a global password system called “Gaia” was stolen from Google during the recent Google hacker attacks. The system seems to provide single sign-on capability for a majority of Google services.
“… a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.”
The software was stolen through a phishing attack, when a Google China employee clicked on a link in an instant messenger that pointed to a compromised site. The attackers were then able to access the internal Google network through this employee’s PC.
Several technical experts said that because Google had quickly learned of the theft of the software, it was unclear what the consequences of the theft had been. One of the most alarming possibilities is that the attackers might have intended to insert a Trojan horse — a secret back door — into the Gaia program and install it in dozens of Google’s global data centers to establish clandestine entry points. But the independent security specialists emphasized that such an undertaking would have been remarkably difficult, particularly because Google’s security specialists had been alerted to the theft of the program.
Read the full article at NYTimes.com.