Earlier this year Google’s Project Zero team published several reports detailing a “sophisticated” hacking operation targeting Windows, Android, and iOS devices using multiple zero-day exploits. However, according to MIT Technology Review, it appears that this campaign was actually run by Western government operatives actively conducting a counterterrorism operation.
It’s unclear which Western government had employed the sophisticated attack or what sort of counterterrorism operation they were running. The MIT report says that Google did not include in its reports key details, such as who was responsible for the attacks, as well as important technical information on the malware or the domains used in the operation.
“At least some of that information would typically be made public in some way, leading one security expert to criticize the report as a ‘dark hole,’” MIT wrote.
Some Google employees have apparently argued that counterterrorism operations should be out of bounds when it comes to public disclosure. Others say that Google was within its rights to protect the company’s products from imminent attacks that could harm end-users.
“Project Zero is dedicated to finding and patching 0-day vulnerabilities, and posting technical research designed to advance the understanding of novel security vulnerabilities and exploitation techniques across the research community,” a Google spokesperson said in a statement. “We believe sharing this research leads to better defensive strategies and increases security for everyone. We don’t perform attribution as part of this research.”
While Project Zero does not formally attribute hacking to specific groups, the Threat Analysis Group, which also worked on the project, does perform attribution, MIT wrote. The report indicates that the research teams might have known who the hackers and targets were. It’s unclear whether Google had informed government officials in advance that it would be publicly disclosing the hack.
A former senior US intelligence official told MIT that Western operations are recognizable, and that’s because of the local laws that impact what spy agencies can and can’t do.
“There are certain hallmarks in Western operations that are not present in other entities … you can see it translate down into the code. And this is where I think one of the key ethical dimensions comes in. How one treats intelligence activity or law enforcement activity driven under democratic oversight within a lawfully elected representative government is very different from that of an authoritarian regime,” the former official said. “The oversight is baked into Western operations at the technical, tradecraft, and procedure level.”