Date: 2021-03-26

On March 18, Google made public that its cybersecurity teams had intercepted an “expert level” hacker attack. According to the Californian company, the hackers exploited 11 very powerful vulnerabilities in Safari and Chrome that affected devices running iOS, Android and Windows.

What Google omitted in its report was that the hacker attack was actually a counterterrorism operation carried out by allies of the United States. The unilateral decision of the Mountain View giant compromised an intelligence maneuver that had been active for nine months.

A report published by Technology Review, from MIT (Massachusetts Institute of Technology), states that the operation dismantled by Google, through its Project Zero and Threat Analysis Group teams, was carried out by “agents of Western governments”.

But the most important controversy occurred within Google. The decision to make the information public after the hacking was stopped caused a split in the company. One group of employees argued that disclosing counterterrorism operations was off-limits to the company.

Another group believed that the announcement was key to promoting a safer internet with protected users, and that it fell within the company's rights.

Google, hackers, counter-terrorists and a report riddled with omissions

In its announcement, Google omitted who was responsible for the hack and who its target was, as well as more detailed technical information on the malware and the sites used to distribute it.

The lack of this type of information, which in one way or another always comes to light in ‘normal’ situations, raised the eyebrows of security experts. One of the most vocal was Ryan Naraine, who criticized Google’s secrecy and called the report on the hackers’ attack a “dark hole.”

The counterterrorism operation that Google detected consisted of distributing malware through infected websites. What reportedly caught the attention of the cybersecurity team was the scale, sophistication and speed of the attack, which used “never before seen” techniques.

Google’s cybersecurity team shot itself in the foot

Project Zero specializes in finding and fixing what are known as “zero-day exploits” or “zero-day attacks.” The Threat Analysis Group, for its part, is responsible for identifying hackers and attributing attacks. Since the two teams worked together to stop this operation, the available data suggests that Google knew internally who it was dealing with.

The Technology Review report quotes a former US intelligence officer remarking that operations carried out by Western countries are recognizable. “There are certain stamps in Western operations that do not appear in those of other entities. You can see them translated into the code,” he said.

It is not the first time that security teams from private companies have stopped hacks carried out by agents of allied countries. What is not common is for these maneuvers to be made public, even less so when they come from hackers working for governments close to their own country. If Google had stopped the counterterrorism operation but had not published a report on it, nothing would have happened, at least as far as the public is concerned. Internally, it could have been handled differently.

Tech corporations are obligated to provide safe products for their users. The work of teams like Project Zero is essential to achieving this, but it is true that intelligence and counterintelligence operations have very blurry boundaries (if they have any). So much so that they can generate endless ethical discussions, especially in life-or-death situations.

If there is any lesson to be drawn from this great mess, it is that much work remains to be done to eliminate vulnerabilities in mass-market products such as Safari and Chrome. And this affects both computers and mobile devices.

