Massive hack Google foiled was in fact a counterterrorism operation – BGR

Security researchers routinely reveal software vulnerabilities that hackers can exploit, or even have exploited in the past. In some cases, these are software issues that were not used to hack or spy on users. In others, researchers identify malware and hacks that are actively used in nature. By the time they release information about the attacks, companies whose code has been attacked have already released updates to correct the issues. And security researchers typically report when they think the hacks are too sophisticated for an ordinary hacker to pull off.

Google runs an infamous security team at Project Zero that scans all kinds of operating systems and products for vulnerabilities. Since January, the team has produced research highlighting 11 zero-day exploits used to compromise Android, iPhone, and Windows. In January, scientists at Project Zero highlighted the sophistication of the attacks that used previously unknown vulnerabilities in Chrome and Safari code. It turns out the hackers behind the campaign Google uncovered were from a nation state. They were part of a counterterrorism operation initiated by a Western ally, and the operation was underway when Project Zero began to reveal software glitches.

Top Deal of the Day Cook the perfect steak and chicken every time with this brilliant find from Amazon for $ 34! List of prices:$ 49.99 Price:$ 33.99 You save:$ 16.00 (32%) Available on Amazon, BGR may receive a commission Buy now Available on Amazon BGR may receive a commission

Whenever hackers backed by American rivals are responsible for newly discovered attacks, some researchers claim the hacks originate from China, North Korea, or Russia. But Google’s Project Zero didn’t point the finger while revealing these 11 zero-day bugs. The decision to end the cyberattack from a Western ally has apparently sparked controversy within Google, MIT Technology Review discovered.

It is not known which Western government used the sophisticated attack or what kind of counterterrorism operation they were conducting. the WITH The report states that Google may have intentionally withheld the identity of the attackers. Google could know precisely who the hackers are and what the operation was. It’s also unclear whether Google notified the attackers before publicly revealing the zero-day vulnerabilities.

Some Google employees have apparently argued that counterterrorism operations should be banned from public disclosure. Others say Google had the right to protect the company’s products from impending attacks that could harm end users. Google defended its actions in a statement:

Project Zero is dedicated to finding and remediating 0-day vulnerabilities, and publishing technical research designed to advance the understanding of emerging security vulnerabilities and exploitation techniques in the research community. We believe that sharing this research leads to better defensive strategies and increases safety for all. We are not making attribution as part of this research.

Attackers used novel “waterhole” techniques to inject malware into unknown websites and deliver them to targets running Chrome and Safari on Android, iPhone and Windows devices. The attackers exploited the 11 zero days in just nine months, starting in February 2020. The level of sophistication and speed of the attack is what troubled researchers.

A former senior US intelligence official said WITH that Western operations are recognizable, and that’s because of local laws that impact what spy agencies can and cannot do:

There are some characteristics of western operations that are not present in other entities… you can see this reflected in the code. And this is where I think one of the key ethical dimensions comes into play. How one deals with intelligence or law enforcement activities conducted under democratic control in a legally representative government. elected is very different from that of an authoritarian regime.

Surveillance is integrated into Western operations at the technical, artisanal and procedural levels.

It is unclear to what end the counterterrorism operation could have been paralyzed, and these are the kinds of secrets that will likely never be revealed to the public. The fact that so many vulnerabilities were discovered quickly is still annoying, as other experienced hackers could have found and exploited them – which is ultimately why Google chose to reveal the information. The bright side of these revelations is that Western spies were targeting specific groups of people, meaning most Android, iPhone, and Windows users shouldn’t be affected.

As always, when software vulnerabilities are revealed, the best solution is to install all available operating system updates and update all applications. the MIT Technology Review The story is worth a full read – it’s available at this link

Top Deal of the Day This $ 32 gadget has gone viral on TikTok and now Amazon can’t keep it in stock! List of prices:$ 35.99 Price:$ 32.39 You save:$ 3.60 (10%) Available on Amazon, BGR may receive a commission Buy now Available on Amazon BGR may receive a commission