Recently, Google completely exposed and shut down an expert counter-terrorism hacking operation by a supposed US ally.
The unidentified hacking group had reportedly exploited 11 previously unknown security vulnerabilities in a series of cyber attacks on Google software over a span of nine months in 2020. The news about the anonymous US-allied hackers has raised some troubling questions about this kind of operation when it is carried out by a government or its allies.
Google Hacked in 2020; Shut Down US-Allied Hackers
According to MIT Tech Review, Google's cybersecurity teams--Project Zero and Threat Analysis Group--uncovered and stopped a counter-terrorism operation. However, the tech giant didn't initially reveal that the hack was performed by a Western government that was conducting a friendly counter-terrorism operation.
As to why they didn't provide details about the hackers being from a U.S. ally, Google said in a statement that Project Zero is simply "dedicated to finding and patching 0-day vulnerabilities and posting technical research designed to advance the understanding of novel security vulnerabilities and exploitation techniques across the research community."
Google also expressed its belief that sharing the research helps it come up with better defensive strategies and increases security for everyone. For what it is worth, it is unknown whether or not Google gave advance notice to the hacking group and the relevant government institution that it would shut down their efforts.
It is also not clear whether Google told them that it would publicize the digital attack--even though the company didn't name the specific Western group involved in the incident.
What Actually Happened in the Digital Attack?
In the Google blog post, the tech giant said that in October 2020 it discovered that an actor from a February 2020 campaign had come back with the next version of their campaign, redirecting multiple websites to an exploit server. Once Google's analysis began, it discovered links to a second exploit server on the same website. After the first fingerprinting, it was revealed that an iframe had been "injected" into the website, which then led to one of the two exploit servers.
In Google's testing, it found that the two exploit servers were present on all of the domains, reached from iOS, Android and Windows devices. The targeted hacks reportedly aimed to ensnare terrorists by drawing people to websites that would install malware on their devices.
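The watering-hole pattern described above, an iframe injected into a legitimate page that silently pulls in an exploit server, is something a site owner can check for. The following is an added example (not Google's or Project Zero's tooling) that flags iframes pointing off-origin or hidden from the user; the sample page and the hostnames in it are constructed.

```python
"""Flag off-origin or hidden <iframe> elements in fetched HTML.
Added example, not code from the article or from Google; the
sample page below and its hostnames are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def _is_hidden(a):
    # Zero/one-pixel frames and CSS-hidden frames are classic injection signs.
    style = (a.get("style") or "").replace(" ", "").lower()
    tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style


def find_suspicious_iframes(html, page_url):
    """Return [(src, [reasons])] for iframes that are off-origin or hidden."""
    parser = IframeCollector()
    parser.feed(html)
    origin = urlparse(page_url).hostname
    findings = []
    for a in parser.iframes:
        src = a.get("src") or ""
        host = urlparse(src).hostname  # None for relative srcs
        reasons = []
        if host and host != origin:
            reasons.append("off-origin:" + host)
        if _is_hidden(a):
            reasons.append("hidden")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample: one legitimate widget, one injected hidden frame.
SAMPLE_PAGE = """<html><body><h1>News</h1>
<iframe src="https://www.example.org/widget" width="300" height="200"></iframe>
<iframe src="https://exploit-server.invalid/?r=1" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, why in find_suspicious_iframes(SAMPLE_PAGE, "https://www.example.org/news"):
        print(src, why)
```

Run against a crawl of your own site's pages; any hit is worth a manual look, since injected frames are typically sized to zero or styled invisible so visitors never notice the redirect.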
In total, the company said it collected one full chain that targeted fully patched Windows 10 running Google Chrome, and two partial chains that attacked two different fully patched Android devices that ran Android 10 and used Google Chrome and Samsung Browser. The company also emphasized "RCE exploits for iOS 11-13," as well as what it called a "privilege escalation exploit for iOS 13."
Google stated that the move had split the company's staff, with some suggesting counter-terrorism efforts should be left alone by the company. In contrast, others believe that it is within the tech company's responsibility to interfere.
In the end, Project Zero closed out 2020 with lots of long days analyzing many 0-day exploit chains and seven 0-day exploits. When combined with the company's earlier 2020 operation, the actor used at least 11 0-days in less than a year.