In January 2010, Google shocked the cyber world by confessing it had been the target of an advanced persistent threat lasting months and mounted by hackers connected to China's People Liberation Army.
"[We] have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists," Google Senior Vice President and Chief Legal Officer David Drummond wrote in blog post at the time.
Now, more that three years after that posting on what came to be known as Operation Aurora, it appears that the cyber marauders were after more than just information on activists. They were also after information on investigations on Chinese spies in the United States being conducted by the FBI and U.S. Department of Justice.
The Aurora hackers gained access on Google's servers to a database that contained information on U.S. surveillance targets, the Washington Post reported on Monday, citing former and current government officials as sources for the story.
Such information would be invaluable to China because it would allow its intelligence operatives to destroy information before counter intelligence agents got their hands on it and allow the spies to evade capture and prosecution.
The database included years of surveillance information, including thousands of court orders issued to law enforcement officials around the nation seeking to monitor suspects' email, as well as classified orders targeting foreign subjects and issued under the Foreign Intelligence Surveillance Act.
The incident set off a tiff between Google, the DOJ and FBI, the Post reported, because the federal agencies wanted to access the company's technical logs and other information about the breach to assess the potential damage done to its counter espionage efforts.
Google representative Jay Nancarrow said in an email that the company is not commenting on the matter at this time.
Google wasn't a lone target in Operation Aurora. More than 20 companies were attacked, including Adobe Systems, Juniper Networks, Rackspace, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical.
Last month, a Microsoft executive said that the Aurora bandits had also breached his company's servers snooping for accounts it had lawful wiretap orders on. Since that time, the executive has recanted those remarks.
"I was referring to statements in the media from the January 2010 timeframe," Dave Aucsmith, senior director for Microsoft's Institute for Advanced Technology, said in a statement.
"My comments were not meant to cite any specific Microsoft analysis or findings about motive or attacks, but I recognize that my language was imprecise," he added.
Matt Thomlinson, Microsoft's general manager for trustworthy computing and security added in an email, "The so-called 'Aurora' attacks did not breach the MS network."
Sign up for CIO Asia eNewsletters.