It appears that the hack against Google was perpetrated via their law enforcement compliance system.
As an eminent group of security experts argued in 2008, the trend toward building surveillance capability into telecommunications architecture amounts to a breach-by-design, and a serious security risk. As the volume of requests from law enforcement at all levels grows, the compliance burdens on telcoms grow also—making it increasingly tempting to create automated portals to permit access to user information with minimal human intervention.
In other words, Google (and other comms companies) are required to build systems for providing wiretaps to government authorities.
That’s like catnip to hacker. If you want to reveal secrets in a system, target the area that’s designed for revealing secrets. Brilliant.
