MOUNTAIN VIEW, Calif.--Google learned some hard security lessons after it was attacked late last year by hackers, CEO Eric Schmidt said Monday.
"Google is now particularly paranoid about that," Schmidt said during a question-and-answer session following Google's Atmosphere 2010 conference before about 400 CIOs. After the company learned that some of its intellectual property was stolen during an attack that originated from inside China, it began locking down its systems to a greater degree and accelerated plans to move to Web-based systems like Chrome OS netbooks.
The attacks took advantage of a flaw in Internet Explorer 6 that was quickly patched, although the damage had been done. More than 30 U.S. companies were believed to be targeted by the attacks, but Google was one of the few that publicly identified itself as a victim because "we decided we had to tell people as a warning," Schmidt said.
He declined to get into the specifics of how the attackers penetrated Google's security but said the attackers broke into a single system with the outdated browser and were then able to take "a series of steps" to wreak wider havoc. Google tightened its external defenses and moved quickly to update all the software within its walls following the deconstruction of the attack.
Schmidt urged attendees to make sure every computer inside their walls is running the latest version of whatever browsers and operating systems they are using. And he said that Google would start using more Web-based computing products--like Chrome OS--sooner rather than later.
"Our Web services and Web platforms will be inherently more secure" than alternatives, Schmidt said. "Hold us to this."