But Western operations are recognizable, according to a former senior US intelligence official.
“There are certain characteristics of Western operations that are not present in other entities … you can see it translated into the code,” said the former official, who is not authorized to comment on operations and s ‘is expressed on condition of anonymity. “And that’s where I think one of the main ethical dimensions comes into play. The way one deals with intelligence or law enforcement activities conducted under democratic control in representative government. legally elected is very different from that of an authoritarian regime.
“Surveillance is integrated into Western operations at the technical, artisanal and procedural level,” they added.
Google discovered that the hacking group exploited 11 zero-day vulnerabilities in just nine months, a high number of exploits in a short period of time. The attacked software included the Safari browser on iPhones but also many Google products including the Chrome browser on Android phones and Windows computers.
But the conclusion within Google was that who hacked and why is never as important as the security breaches themselves. Earlier this year, Project Zero’s Maddie Stone argued that it’s too easy for hackers to find and use powerful zero-day vulnerabilities and his team faces an uphill battle detect their use.
Instead of focusing on who was behind and targeted by a specific operation, Google decided to take broader measures for everyone. The rationale was that even if a Western government was the one that exploited these vulnerabilities today, it will eventually be used by others, and therefore the right choice is still to fix the loophole today.
“It’s not their job to understand”
This is far from the first time that a Western cybersecurity team has caught hackers from allied countries. Some companies, however, have a quiet policy of not publicly exposing such hacking operations if the security team and the hackers are considered friendly, for example if they are members of the “Five Eyes” intelligence alliance. , which is made up of United United States, United Kingdom, Canada, Australia and New Zealand. Several members of Google’s security teams are veterans of Western intelligence agencies, and some have led hacking campaigns for these governments.
In certain cases, security companies will clean up so-called “user-friendly” malware, but avoid making it public.
“They generally don’t attribute US-based operations,” says Sasha Romanosky, a former Pentagon official who recently published search in private sector cybersecurity investigations. “They told us they were walking away specifically, it wasn’t their job to understand, they were politely stepping aside. It is not unexpected. “
While Google’s situation is unusual in some ways, there have been somewhat similar cases in the past. Russian cybersecurity company Kaspersky has fallen Fire in 2018, when it exposed a US-led counterterrorism cyber operation against ISIS and Al Qaeda operatives in the Middle East. Kaspersky, like Google, did not explicitly attribute the threat but nonetheless exposed it and made it unnecessary, US officials said, causing agents to lose access to a valuable surveillance program and even endangered the lives of soldiers on the ground.
Kaspersky was already heavily criticized for its dealings with the Russian government at the time, and the company was ultimately banned American government systems. He has always denied the existence of a special relationship with the Kremlin.
Google has also found itself in somewhat similar waters before. In 2019, the company released search on what could have been an American hacking group, although a specific attribution was never made. But this research was about a historic operation. However, the recent Google announcements were different because they highlighted what had been a live cyber espionage operation.
Who is protected?
Alarms raised both within the government and at Google show the company is in a difficult position.
Google’s security teams have a responsibility to the company’s customers and are generally expected to do everything possible to protect the products – and therefore the users – that are under attack. In this incident, it should be noted that the techniques used affected not only Google products like Chrome and Android, but iPhones as well.
As different teams draw their own lines, Project Zero has made a name for itself tackling critical vulnerabilities all over the internet, not just those found in Google products.