A sophisticated hacking campaign that was previously witnessed targeting security flaws in Android, Windows and iOS devices is actually the work of “Western government operatives” conducting a “counterterrorism operation,” according to a new report from MIT Technology Review.
The campaign in question, which has garnered more and more attention from media outlets over the last few weeks, was first written about in January by Google’s threat research team Project Zero. At the time, all that was publicly known was that someone had been up to some very tricky business: a “highly sophisticated” group, likely staffed by “teams of experts,” was responsible for targeting numerous zero-day vulnerabilities (the grand total would later turn out to be 11) in various prominent operating systems, researchers wrote.
This hacking campaign, which ended up going on for about nine months, used the so-called “watering hole” method—in which a threat actor injects malicious code into a website to effectively “booby trap” it (visitors to the site will subsequently become infected with malware, which allows the hacker to target and escalate compromise of specific targets).
From all of these descriptors, signs naturally pointed to the involvement of some sort of high-level nation-state hackers—though few would’ve guessed that the culprits were, in fact, our friends! Nevertheless, that would appear to be the case. It is unclear what government is actually responsible for the attacks, who its targets were, or what the so-called “counterterrorism” operation related to all of this entailed. MIT has not divulged how they came into this information.
One thing is certain: Google’s discovery and subsequent public disclosure of the exploits (as well as the company’s decision to patch the vulnerabilities) has apparently derailed whatever government operation was occurring. MIT writes that, by going public, the tech company effectively shut down a “live counterterrorism” cyber mission, also adding that it “is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down” the attacks. This has apparently “caused internal division at Google and raised questions inside the intelligence communities of the United States and its allies.”
There are a whole lot of questions here, obviously. First off, what government was doing this? What was the “terror” threat they were investigating? Which websites were used in the pursuit of said terrorists? Given the sensitive political nature of these kinds of operations, it’s unlikely that we’re going to get any answers to those questions—at least not right away. But since there’s so little information available, it’s also pretty difficult to understand whether Project Zero was justified in outing the operation or not, or what was even going on here.
Google apparently knows who the hackers are, and MIT reports that the incident has spurred a debate at the company over whether counterterrorism operations like this should be considered “out of bounds” for public disclosure, or whether it was well within their purview to disclose the vulnerabilities to “protect users and make the internet more secure.”