“Hackers who breached Google and other companies in January targeted source-code management systems, security firm McAfee asserted Wednesday. They manipulated a little-known trove of security flaws that would allow easy unauthorized access to the intellectual property the system is meant to protect.

The software-management systems, widely used at businesses unaware that the holes exist, were exploited by the Aurora hackers in a way that would have enabled them to siphon source code, as well as modify it to make customers of the software vulnerable to attack. It’s akin to making yourself a set of keys in advance for locks that are going to be sold far and wide.

A white paper released by security firm McAfee during this week’s RSA security conference in San Francisco provides a couple of new details about the Operation Aurora attacks (.pdf) that affected 34 U.S. companies, including Google and Adobe, beginning last July. McAfee helped Adobe investigate the attack on its system and provided information to Google about malware used in the attacks.”

(‘Google’ Hackers Had Ability to Alter Source Code | Threat Level | Wired.com)