Friday, February 5, 2010

Google Said to Seek Spy Agency’s Advice After Attack

Feb. 4 (Bloomberg) -- Google Inc. sought assistance from the U.S. National Security Agency to bolster its computer security following an attack on Gmail accounts of Chinese human- rights activists, a person familiar with the situation said.

Members of the NSA’s information assurance unit, known as the blue team, went to Google at the company’s request several weeks ago to discuss details of the attack, said the person, who spoke on condition of anonymity.

The NSA plans to return to the company to continue to share information, the person said. So far, the NSA hasn’t discovered much beyond what the Mountain View, California-based company’s own cyber-security officials had found, the person said.

The Washington Post reported Google’s work with the NSA yesterday. Google, owner of the world’s most popular Internet search engine, declined to comment on the report. The NSA said in an e-mailed statement that the agency “works with a broad range of commercial partners,” declining to comment on any Google connection.

The NSA was responding to Google in much the same way it has to requests from other companies to look over the work they’ve done following a cyber attack, the person said, declining to name the other firms.

As in other cases, the NSA drew up a cooperative research and development agreement so Google and the agency could share information, the person said.


Cyber Attack


Google disclosed last month that it suffered “a highly sophisticated” cyber attack on its corporate infrastructure that originated in China. The company said Gmail accounts of Chinese human-rights activists were the targets of the attacks and its investigation found at least 20 large companies were affected.

Google said it may close its Chinese site and offices pending talks with China’s government about its restrictions on the content of searches.

Google fell $14.04 to $526.78 at 4 p.m. New York time on the Nasdaq Stock Market. The shares have lost 15 percent this year.

The Washington-based Electronic Privacy Information Center said it has filed a freedom of information request with the NSA for records about its relationship with Google. The group also seeks communications between NSA and Google about encryption on the company’s Gmail and other computer services, according to its Web site.


NSA’s Role


“We need to get a much better sense of NSA’s role and what legal constraints, if any, there are on it collecting personal information,” said Marc Rotenberg, executive director of the privacy group.

The NSA has technology that other government agencies don’t that could help Google, said Gregory Garcia, a former official at the Department of Homeland Security.

“This would be the kind of collaborative relationship that ultimately needs to happen across commercial enterprise” computer networks, said Garcia, former assistant secretary for cyber security and communications under President George W. Bush. “It isn’t about NSA reading our e-mails. It’s about keeping the bad guys from reading our e-mails.”

The NSA’s experience protecting government agencies give it the expertise to help companies as large as Google fend off sophisticated computer attacks, said Alan Paller, director of research at Bethesda, Maryland-based Sans Institute, which provides computer security training.


Web Site Hacks


“Almost all existing security tools have no capability to stop this,” he said. “An anti-virus tool is completely useless.”

U.S. Secretary of State Hillary Clinton has called on China to investigate the online intrusions. China’s government said it wasn’t involved. The issue of cyber security received additional attention after congressional Web sites were hacked last week and last month.

Today, the House of Representatives passed a bill to bolster U.S. cyber security and to require the Obama administration to conduct an agency-by-agency review of potential electronic weaknesses.

0 Comment :