‘Western government operatives’ behind this hacking campaign


Photograph: Damien Meyer / AFP (Getty Images)

A sophisticated hacking campaign previously seen exploiting vulnerabilities in Android, Windows and iOS devices was actually the work of “Western government operatives” conducting a “counterterrorism operation”, according to a new report from MIT Technology Review.

The campaign in question, which has drawn increasing media attention in recent weeks, was first written about in January by Google’s threat research team, Project Zero. At the time, all that was publicly known was that someone had been up to something very elaborate: a “highly sophisticated” group, probably made up of “teams of experts”, had been exploiting numerous zero-day vulnerabilities (the total would turn out to be 11) across several major operating systems, the researchers wrote.

This hacking campaign, which ended up lasting about nine months, used the so-called “watering hole” technique, in which a threat actor injects malicious code into a website to turn it into a trap: visitors to the site are then infected with malware, which lets the attacker identify specific targets and compromise them further.

All of these descriptors naturally pointed to the involvement of some kind of high-level nation-state hackers, although few guessed that the culprits were, in fact, our own side. That, however, appears to be the case. It is not clear which government is actually responsible for the attacks, who their targets were, or what the so-called “counterterrorism” operation behind all of this involved. MIT Technology Review did not disclose how it came by this information.

One thing is certain: Google’s discovery and subsequent public disclosure of the exploits (along with the company’s decision to get the vulnerabilities fixed) apparently derailed whatever government operation was under way. MIT Technology Review writes that, by going public, the technology company effectively ended a “live counterterrorism” cyber operation, adding that “it is not clear whether Google warned government officials in advance that they would be publishing and terminating” the attacks. This apparently “caused internal division at Google and raised questions within the intelligence communities of the United States and its allies.”

There are many questions here, obviously. First, which government was doing this? What “terror” threat was it investigating? Which sites were used in the pursuit of those terrorists? Given the politically sensitive nature of this kind of operation, we are unlikely to get answers to these questions, at least not any time soon. But with so little information available, it is also very hard to judge whether Project Zero was justified in exposing the operation, or what was really going on here.

Google apparently knows who the hackers are, and MIT Technology Review reports that the incident sparked a debate inside the company about whether counterterrorism operations like this should be considered “off-limits” for public disclosure, or whether it was well within Google’s remit to disclose vulnerabilities in order to “protect users and make the Internet safer.”
