A Virginia research firm, NetWitness, has uncovered the digital tracks of a cyberattack called "Kneber" that, over the past 18 months, has systematically compromised close to 2,500 companies and government agencies and at least 75,000 computers around the world, The Wall Street Journal reported this week.
Hackers in Europe and China executed the attack, which, according to the Journal's reporting, has exposed secret documents and sensitive personal information, including credit card transactions. Merck & Co. (NYSE: MRK ) , Cardinal Health (NYSE: CAH ) , Juniper Networks (Nasdaq: JNPR ) , and Viacom's (NYSE: VIA ) Paramount Pictures were among the victims.
We don't know whether Kneber found its way past Google's (Nasdaq: GOOG ) defenses, but it's precisely this sort of cyberattack that represents the nightmare scenario for The Big G.
Google isn't like any other cloud computing vendor. Only one password is required to access a Google account and a wide range of services -- from mail, to documents, to messaging, to calendaring, and so on. Breach the main gate, the theory goes, and you've access a treasure trove of secret data.
A lesson from Twitter
This domino effect helped a French hacker break into Twitter's Google Apps account months ago, stealing documents that revealed its plans to build a $100-million-a-year business.
If IT managers are paranoid about committing to cloud computing, Twitter's security snafu is at least part of the reason why. And that affects Google, as does the hysteria over this latest breach.
It's a big problem: The Big G doesn't say much about how it handles security. So, rumors swirl about the company is cooperating with the National Security Agency in the wake of a successful attack on its Chinese site. A recent round of meaningless glad-handing with members of the U.S. Senate has done nothing to answer remaining questions.
I've no doubt Google is serious about security. I just want to know how serious. As a customer and investor, I need to know the size of the risk I'm facing.
Should Google say more about how it handles security? Make your voice heard using the comments box below.