A sophisticated hacking campaign that exploited security flaws in Android, Windows and iOS devices was actually the work of "Western government operators" conducting a "counter-terrorism operation", according to a new report from MIT Technology Review.
The campaign, which has drawn increasing media attention in recent weeks, was first written up in January by Google's threat research team, Project Zero. At the time, all that was publicly known was that someone had been very busy: a "very sophisticated" group, probably staffed by "expert teams", had exploited a string of zero-day vulnerabilities (the count would eventually reach 11) in several major operating systems and browsers, the researchers wrote.
The campaign, which ran for roughly nine months, used the so-called "watering hole" method, in which a threat actor injects malicious code into a legitimate website its intended victims already visit. Visitors to the compromised site are then served the malicious code, and the attacker can single out specific targets among them and escalate the compromise from there.
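The defining step of a watering hole is that the attacker gets code into a page the victims already trust. As an added example (not code from the article, from Google or from Project Zero), the script below shows one cheap detective control a site owner can run: keep a baseline inventory of every script a page is expected to load (external `src` values plus a SHA-256 of each inline script body) and flag anything that appears later. The HTML fragments and hostnames are constructed for illustration.

```python
"""Script-inventory diff for detecting watering-hole style page tampering.

Added example, not from the original article. Uses only the standard library
so it runs offline against the constructed HTML at the bottom of the file.
"""
import hashlib
from html.parser import HTMLParser


class _ScriptCollector(HTMLParser):
    """Collects external script sources and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []      # values of <script src="...">
        self.inline = []        # bodies of <script>...</script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            # HTMLParser treats <script> content as CDATA and hands it to
            # handle_data, so we buffer it until the closing tag.
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def script_inventory(html):
    """Return a set of identifiers for every script the page would execute:
    'src:<url>' for external scripts, 'inline:<sha256>' for inline ones."""
    parser = _ScriptCollector()
    parser.feed(html)
    parser.close()
    ids = {"src:" + s.strip() for s in parser.external}
    for body in parser.inline:
        digest = hashlib.sha256(body.strip().encode("utf-8")).hexdigest()
        ids.add("inline:" + digest)
    return ids


def unexpected_scripts(baseline_html, observed_html):
    """Scripts present in the observed page but absent from the baseline.
    A modified inline script shows up as a new 'inline:' digest."""
    return sorted(script_inventory(observed_html) - script_inventory(baseline_html))


# Constructed baseline: what the site owner expects this page to load.
BASELINE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script>window.cfg = {"lang": "en"};</script>
</head><body>Hello</body></html>"""

# Constructed tampered copy: the same page with one script injected by an
# attacker who gained write access to the site (the watering-hole step).
# The hostname is made up.
TAMPERED_HTML = """<html><head>
<script src="/static/app.js"></script>
<script>window.cfg = {"lang": "en"};</script>
<script src="https://cdn.example.invalid/stage1.js"></script>
</head><body>Hello</body></html>"""

if __name__ == "__main__":
    for item in unexpected_scripts(BASELINE_HTML, TAMPERED_HTML):
        print("unexpected script:", item)
```

Two caveats a practitioner would want. First, this only catches scripts added to or changed in the HTML; an attacker with write access can just as easily modify the body of an already-whitelisted file such as `/static/app.js`, so the baseline should also hash the fetched contents of each external script, and Subresource Integrity or a strict Content-Security-Policy does that enforcement in the browser itself. Second, this is a control for the site owner, not the visitor: in the campaign described here the injected code went on to exploit unpatched browser and OS zero-days, against which a visitor had no page-level defence.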
Everything in that description pointed to some kind of high-end nation-state actor, although few would have guessed that the culprits were, apparently, our friends. Still, that seems to be the case. It is unclear which government is actually responsible for the attacks, who its targets were, or what the "counter-terrorism" operation actually entailed. MIT Technology Review has not disclosed how it obtained this information.
One thing is for sure: Google's discovery and subsequent disclosure of the exploits (along with the vendors' decision to patch the vulnerabilities) apparently shut down whatever government operation was under way. MIT Technology Review writes that by going public, the company effectively closed out a "live counter-terrorism" cyber operation, and adds that it is "not clear whether Google notified the authorities in advance that they would publish and shut down" the attacks. This has apparently "caused internal divisions within Google and raised questions in the intelligence communities of the United States and its allies."
There are obviously many open questions. Which government did this? What "terrorist threat" was it investigating? Which websites were turned into watering holes in the hunt for the alleged terrorists? Given the politically sensitive nature of this kind of operation, it is unlikely that we will get answers, at least not right away. And with so little information available, it is also hard to judge whether Project Zero was right to expose the operation, or indeed what actually went on.
Google apparently knows who the hackers are, and MIT Technology Review reports that the incident has spurred an internal debate about whether counter-terrorism operations should be considered "outside the bounds" of publication, or whether exposing the vulnerabilities fell squarely within the team's remit to "protect users and make the internet safer."