Because Google had failed to install a security patch to a software program that remotely tracks and controls building systems, the hackers could have easily raised the office's temperature to an unbearable level or caused water pipes to burst by increasing pressure.
Luckily for Google, the hackers were working for Cylance, an Irvine company that has been grabbing headlines for uncovering security holes that could allow malicious hackers to do serious damage to crucial infrastructure such as hospitals, oil pipelines and banking systems.
The hacking demonstrations are how the company (pronounced as "silence") showcases its work in developing what it says is the ultimate antivirus warrior.
"We want to help avoid the cyber-Sept. 11," Chief Executive Stuart McClure said. "We have to silently protect -- it's in our name."
The 1-year-old startup says many facilities now use devices and companion software that are just as vulnerable as those used at several Google locations and in more ordinary local office spaces. In Los Angeles, hotels, USC classrooms and a major movie studio run the same computer program online as Google's Wharf 7 facility in Sydney.
"The software security in the Nintendo Wii or even iTunes far surpasses the security software in these devices," Cylance technical director Billy Rios said.
The company is hoping to tap a burgeoning market. Worldwide spending on cybersecurity should reach $46 billion this year in crucial industries such as energy, communications, finance, health care and transportation, according to an ABI Research report released in June.
In the six months that ended May 31, federal officials noted more than 200 attacks on crucial infrastructure. The previous 12 months saw 198 incidents.
Congress remains divided about whether to make cybersecurity standards mandatory for crucial infrastructure operators. Analysts have called for more research, development and regulation -- areas in which Cylance wants to lead.
The company's main service is helping companies find vulnerabilities and attackers. McClure, who previously worked at popular antivirus software maker McAfee, said that in two-thirds of cases, a company already has an intruder lurking in its computer network.
"We're looking for flaws through a bad guy's glasses, exposing that dark and visible world, and looking for the bad guys and any other undesirables who might be there," he said.
Dozens of firms offer similar security services, but McClure says his company is focused on creating an artificial intelligence system capable of blocking future threats.
Typically, firewall or antivirus software can stop only those intruders who have been seen before. Cylance's mission is like creating a vaccine for a virus that doesn't exist yet or using facial recognition to nab a future robber who hasn't even been born.
"We're using artificial intelligence to understand what's good and bad in real time and devising a model to predict what's good and bad in the future," McClure said.
The machine is fed with intelligence from its researchers.
In May, Rios and colleague Terry McCorkle publicly revealed the Google incident with permission from the technology giant. Rios, who once worked for Google's security team, says Cylance is finding new problems every week.
Badge readers, security cameras and anything else loosely connected to the Internet can be an entrance for hackers. The systems weren't necessarily designed to be Internet-facing, and they've become a blind spot for organizations. Rios said the best solution is placing the devices within a virtual private network, a slice of the Internet accessible to only credentialed users.
"I don't want to be in a building that doesn't like me," Rios said. "Even a simple thing like turning off the air conditioning could be really disruptive to a business."