Wired network compromised during the Google developer conference in Israel

Calcalist reports that the wired network in a recent google developers conference in Israel was hacked during the conference. I haven’t seen that report anywhere else, but the reporter Dora Kishinevski is fairly level headed with little tendency for sensational stories so I’m marking it as probably true.

According to the article, google sent a follow up email to the participants and warned them the network was compromised. This is interesting first because the attack was on the wired and not wireless Internet, which is considerably harder to do without being caught, and second because it reminds us how insecure gmail is over compromised lines (as opposed to, for example, a corporate VPN). I’m willing to bet close to 100% of the participants used gmail while in the google conference.

The article also quotes google as writing “We recommend you change your password, just in case, to any site you visited using the wired connection”. Definitely.

  • http://www.ybo-interactive.com yairb

    Here is the email sent by Google:

    Dear attendee,

    First of all thanks for attending Google Developer Day yesterday, we hope you found it useful. Unfortunately, we need to let you know about an incident which took place during the conference which you may need to take precautionary action on.

    We identified unauthorised activity on the public wired Ethernet network which was provided by the convention centre for conference attendees to access the Internet. This may have affected a limited number of attendees accessing websites and online applications through the wired Ethernet connection. We have no evidence so far to suggest that the wireless network also provided at the event, and which was used by most attendees, was affected.

    Due to the unauthorised activity, there is a chance that if you used the wired network, any user name and password entered to access a website may have been put at risk. When trying to access a secure website (a website using https), you may have received an alert indicating that the page had an invalid security certificate. In any case, we advise users as a precaution to change the passwords for any websites or services they accessed through the wired connection during the conference.

    We’re really sorry that this has happened but we believe that the vast majority of attendees won’t have been affected by this incident. In the meantime, we look forward to seeing you at future events very soon.

    The Google Developer Day Team

  • http://networksecurity.typepad.com/ Juha-Matti

    The source article is written in Hebrew, nice to see English coverage