BOSTON – The hackers behind the attacks on Google Inc and dozens of other companies operating in China stole valuable computer source code by breaking into the personal computers of employees with privileged access, a security firm said on Wednesday.
The hackers targeted a small number of employees who controlled source code management systems, which handle the myriad changes that developers make as they write software, said George Kurtz, chief technology officer at anti-virus software maker McAfee Inc.
The details from McAfee show how the breach of just a single PC at a large corporation can have widespread repercussions across the broader business.
Google said in January that it had detected a cyber attack originating from China on its corporate infrastructure that resulted in the theft of its intellectual property. Google said more than 20 other companies had been infiltrated, and cited the attack, as well as Chinese Web censorship practices, as reasons for the company to consider pulling out of China.
The Chinese government has said that Google’s claim that it was attacked by hackers based in China was “groundless.”
Kurtz said on Wednesday that he believes that the hackers, who have not been apprehended, broke through the defenses of at least 30 companies, and perhaps as many as 100.
He said the common link in several of the cases that McAfee reviewed is that the hackers used source code management software from privately held Perforce Software Inc, whose customers include Google and many other large corporations.
“It is very easy to compromise the systems,” Kurtz said.