Google to stop US ally’s anti-terrorism ploy

Last week, Google’s cybersecurity teams (Project Zero and Threat Analysis Group) blogged that a single unidentified hacking group had used 11 unknown security vulnerabilities in a series of digital attacks over nine months in 2020. Google also revealed that the attacked software included the Safari browser on iPhones and many Google products, such as the Chrome browser on Android phones and Windows computers. What they haven’t revealed, however, is who the hackers might be.

Friday, MIT Technical Review published an article claiming that the hackers were from a Western government and were carrying out a counterterrorism operation. Google released a statement to the media explaining why it did not disclose who the hackers were.

“Project Zero is dedicated to the research and remediation of zero-day vulnerabilities, and the publication of technical research designed to advance the understanding of emerging security vulnerabilities and exploitation techniques within the research community.” , a Google spokesperson said in a statement.

“We believe that sharing this research leads to better defensive strategies and increases safety for everyone. We are not making attribution as part of this research. “

While it’s true that Project Zero doesn’t attribute the hack to specific groups, the Threat Analysis group does. Additionally, Google left out many more details about the attack, including whether or not the company warned government officials about the hacker in advance that they would end their efforts.

Google argued that what was important in this case was to fix the security holes, rather than focusing on who was directing the cyber attacks. Indeed, even if these attacks were carried out by a Western government, they could one day be used by infamous agencies, Google argued. The situation gives more weight to a discussion already underway on the secret activities carried out by a friendly government must be dealt with.

Security teams discovering vulnerabilities exploited by friendly personalities is not a rarity. So what’s interesting here is the fact that we get to write about it. Some Google employees have argued that such counterterrorism operations should not be disclosed to the public, while other employees have defended it, citing concerns about internet security and user protection.