Google shut down Western counterterrorism operation disguised as cyberattack
Google's crack security team Project Zero has highlighted 11 zero-day exploits compromising iOS, Android, and Windows platforms. All of these have been linked to state-sponsored Western hacking groups. The hackers were allegedly a part of a counterterrorism operation ostensibly run by an unnamed Western ally. Apparently, the zero-day security exploits were a part of an ongoing counterterrorism operation that Project Zero inadvertently shut down.
Project Zero researchers discover sophisticated zero-day exploits with government origins
When Project Zero dug deeper into the 11 zero-day exploits, it found that the hackers were too sophisticated to be regular individuals. Most researchers generally put the blame on Chinese, North Korean, or Russian hackers and call it a day. However, Project Zero scientists discovered that the attackers were Western hackers conducting a counterterrorism operation, according to an MIT Technology Review report.
Zero-day exploits explained in simple terms
A zero-day exploit or vulnerability is a flaw in hardware, software, or an operating system that allows hackers to compromise it before the developers can issue a patch. Such attacks are generally attributed to sophisticated hackers who use undetected vulnerabilities to attack systems.
What is Google's Project Zero task force?
Project Zero is Google's special task force that finds and patches zero-day exploits in major platforms. The group also enlists the services of security scientists to conduct research into novel security vulnerabilities and exploitation techniques to stay one step ahead of hackers.
Google faced internal turmoil over decision to terminate government operations
Google remains tight-lipped about the identity of the Western ally conducting the hacks, and it also didn't detail the nature of the counterterrorism operations being conducted. Some Google employees reportedly didn't appreciate the company interfering with critical counterterrorism operations, whereas others defended its right to safeguard its software and customers from the inevitable harm caused by these state-sponsored cyberattacks.
'Western ally' used the exploits undetected for 9 months
The unknown attackers used a novel "watering hole" technique, which involves injecting websites with malware in order to compromise targets who use platforms such as iPhone, Android, and Windows. The operation began in February 2020 and continued undetected for more than nine months before Google patched the zero-day exploits. Apparently, the Western hackers were targeting specific individuals, so the general public could be safe.
Stuxnet good example of Western cyberattacks getting out of hand
However, that isn't always true. The US and Israeli covert initiative dubbed Operation Olympic Games successfully targeted Iranian nuclear facilities using the Stuxnet malware, which eventually leaked out and affected the civilian world. The US-developed malware only targeted specific Siemens industrial automation hardware and switched itself off in 2012. However, there is no guarantee that all state-sponsored attacks will have such safety features.