According to a new report from MIT Technology Review.
The campaign in question, which has attracted growing media attention in recent weeks, was first written about in January by Google's Project Zero threat research team. At the time, all that was publicly known was that someone had been involved in a very complicated matter: a “highly sophisticated” group, probably composed of “teams of experts”, was responsible for targeting numerous zero-day vulnerabilities (the grand total would later turn out to be 11) in several prominent operating systems, the researchers wrote.
This hacking campaign, which lasted about nine months, used the so-called “watering hole” method, in which a threat actor injects malicious code into a website to effectively “trap” it (site visitors will subsequently be infected with malware, allowing the hacker to target and escalate the compromise of specific targets).
From all these descriptors, the signs naturally pointed to the involvement of some kind of high-level nation-state hackers, although few would have guessed that the culprits were, in fact, our friends! However, that seems to be the case. It is not clear which government is actually responsible for the attacks, who their targets were, or what the so-called “counterterrorism” operation entailed in connection with all this. MIT has not disclosed how it came by this information.
One thing is certain: Google’s discovery and subsequent public disclosure of the exploits (as well as the company’s decision to patch the vulnerabilities) has apparently derailed whatever government operations were taking place. MIT writes that, by going public, the technology company effectively shut down a “live counterterrorism” cyber mission, adding that “it is unclear whether Google gave advance notice to government officials that they would publicize and shut down” the attacks. This has apparently “caused internal division at Google and raised questions within the intelligence communities of the United States and its allies.”
There are many questions here, obviously. In the first place, what government was doing this? What was the “terror” threat they were investigating? What websites were used to hunt down these terrorists? Given the sensitive political nature of these types of operations, it is unlikely that we will get any answers to those questions, at least not immediately. But since there is so little information available, it is also quite difficult to understand whether or not Project Zero was justified in shutting down the operation, or what was happening here.
Google apparently knows who the hackers are, and MIT reports that the incident has sparked a debate within the company about whether counterterrorism operations like this should be considered “off limits” for public disclosure, or whether it was within their purview to disclose vulnerabilities to “protect users and make the Internet safer.”