Google Blow-Back on Twitter Hack

When someone hacked into Twitter's internal Google Docs accounts and stole hundreds of sensitive company documents, Web professionals gasped as many of the company's most tightly guarded secrets were leaked to the press. It was only through the discretion of the operators of TechCrunch that Twitter's plans for the future weren't irrevocably exposed. And as we mentioned last week, the hack was a big black eye for Google (GOOG), whose cloud-based office software Twitter uses to store its secrets.

Now, Google could face some serious repercussions for the security breakdown. According to the Associated Press, the city of Los Angeles was preparing to use Google Apps to store critical law enforcement records, as well as send, receive, and store government e-mail. But several key city leaders are now calling for the city to re-evaluate the plan. Paul Weber, the head of the Los Angeles police union, has publicly complained that adopting Google cloud-based software could leave the records of key criminal investigations vulnerable to professional hackers, who could be hired by drug cartels to spy on the police department. "Any time you go to a Web-based system, that puts you just a little further out than you were before," he told the AP.

L.A. City Councilman Tony Cardenas echoed those concerns, and since he heads the committee that will consider adopting Google, that means a little something. On the other hand, he declared, "We can't say we are a first-class city and keep the same antiquated communication systems." So Google might live through this after all.

Meanwhile, TechCrunch reporter Nik Cubrilovic has been in furtive communication with "Hacker Croll," the elusive hacker who slid into Twitter's corporate accounts and swiped their plans. Here's who he is: an unemployed Frenchman who lives somewhere in Europe and is in his early 20s. And here's how he did it: Hacker Croll meticulously created a list of Twitter employees, their positions in the company, their e-mail addresses, and any other personal information he could find. Selecting one employee, he went to Gmail and asked the service to resend the employee's password. Gmail promptly sent the password to the employee's secondary e-mail service, a hotmail account. But the employee hadn't used hotmail for so long that hotmail had discontinued the account. Which meant anyone who wanted to use it only had to register. Hacker Croll did and was promptly sent the password for the Twitter employee's Gmail account.

And the rest is history. From there, Hacker Croll could gain access to other employees' mail, read sensitive documents, and download them to play with.

Cubrilovic reports that Hacker Croll has exposed a critical security weakness in the emerging world of corporate communications: companies whose records exist entirely in the cloud, as Google has long dreamed of. His story is well worth the reading in its entirety, but here's the key graf, where Cubrilovic explains the downside to doing what Google wants: