Last week, Google’s cybersecurity teams (Project Zero and Threat Analysis Group) announced in blog posts that a single unidentified hacking group had used 11 unknown vulnerabilities in a series of digital attacks over nine months in 2020. Google also revealed that the software that was attacked included the Safari browser on iPhones and many Google products, such as the Chrome browser on Android phones and Windows computers. What they did not reveal, however, was who the hackers might be.
On Friday, MIT Tech Review published an article claiming that the hackers were from a Western government and carried out a counter-terrorism campaign. Google issued a statement to the media outlet explaining why it did not reveal who the hackers were.
“Project Zero is dedicated to finding and patching 0-day vulnerabilities, and posting technical research designed to advance the understanding of new security vulnerabilities and exploitation techniques across the research environment,”
“We believe that sharing this research leads to better defensive strategies and increases safety for all. We do not perform attribution as part of this survey.”
While it is true that Project Zero does not attribute hacking to specific groups, Threat Analysis Group does. In addition, Google omitted many more details about the attack, including whether the company had notified the government behind the hacking in advance that it would stop the effort.
Google claimed that what was important in this case was to fix the security flaws, instead of focusing on who was leading the cyberattacks. This is because even though these attacks were carried out by a Western government, the vulnerabilities they relied on could one day be used by scary agencies, Google claimed. The situation places greater emphasis on an already ongoing discussion on how covert activity carried out by a friendly government should be dealt with.
It is not uncommon for security teams to detect vulnerabilities exploited by friendly actors. So what’s interesting here is the fact that we get to write about it. Some Google employees claimed that such counterterrorism operations should not be disclosed to the public, while other employees supported disclosure, citing internet security and user protection concerns.