The Official Google Blog was hacked over the weekend, happening embarrassingly after Google had just posted about how seriously it takes security. It's also follows a pseudo-hack earlier this year, when someone else took over the Google Blog when the company accidentally deleted it.
The hack was covered in various places. Google Blogoscoped has a good write-up on what was initially posted (and screenshot here), an anonymous message saying that Google's click-to-call project had been cancelled:
After concientiously considering, Google has decided not to continue with Google Click-to-call project. The project has been in the media on last days because of the notice of Google agreement with e-Bay. We finally consider click-to-call agreement with e-Bay a monopolistic aproach that would damage small companies in the CRM area.
It felt like a hack to many, certainly to me as well, and I posted the same to Google Blogoscoped:
Got to be a hack. Especially notice what's currently tops on the Google blog, a post all about how "Google takes security very seriously and designs all of its services and applications to protect your privacy and data security." This almost certainly is someone reading how "we keep the bad guys out of our systems" and thumbing Google's nose to show nope, they don't.
That post from the Google Blog about security says in full:
Most readers of this blog are familiar with our mission to organize the world's information and make it universally accessible and useful. Maintaining the trust of our users and ensuring a positive experience using our products and services is paramount to our ability to accomplish our mission. As a result, Google takes security very seriously and designs all of its services and applications to protect your privacy and data security.
Behind the scenes of these efforts is the Google Security Team. We keep the bad guys out of our systems and have brought you features like the anti-phishing extension in Google Toolbar and warnings about Internet malware. As part of our commitment to security, we're putting up some additional help content to let users and security researchers know how to quickly contact us on these issues.
We've learned that when security is done right, it's done as a community, and this includes everybody: the people who use Google services (thank you all!), the software developers who make our applications, and the external security enthusiasts who keep us on our toes. These combined efforts go a long way toward making the Internet safer and more secure.
Please visit our new security page and feel free to contact us anytime at email@example.com.
The post is incredibly ironic given what's now posted at the top of the blog:
A bug in Blogger enabled an unauthorized user to make a fake post on the Google Blog last night, claiming that we've discontinued our AdWords click-to-call test. The bug was fixed quickly and the post removed. As for the click-to-call test, it is progressing on schedule, and we're pleased with the results thus far.
A bug, also known as a security problem. So much for that trust Google was hoping to maintain with its users. It also happens ironically after publicity about Google shifting attention to improving existing projects, rather than rolling out new ones.
Philipp Lenssen at Google Blogoscoped pointed out what a nice visual contrast the two posts make and posted a screenshot. I couldn't help doing the same:
In March, Google deleted its own blog accidentally, allowing someone else the ability to claim the old Google URL and keep the blog running for a short time outside of Google's control. Official Google Blog Deleted, Blogger Registers googleblog.blogspot.com has more about that.
Finally, the hacked post was published by someone calling themselves Maximal. I found a post from another Maximal on Google Groups asking for help recently with the Google Data API.
Hi, I am making tests with Google Data API to publish my posts. The problem is ... my posts are being published into "the Honourable Dr Mantombazana Tshabalala-Msimang South Africa's Minister of Health" blog (I don't have to say I am not the minister of health of South Africa).
Any help before Honourable Minister of Health of South Africa would speak with Interpol would be apreciated.