A recent hacking campaign was described as ‘highly sophisticated’ by the wider security community. The attack targeted zero-day security flaws in Android, Windows and iOS devices. As it turns out, this was actually the work of Western governments, you know, US. According to a new report from MIT Technology Review, the attack was part of a counterterrorism operation.
Google’s threat research team, Project Zero, first reported on the attack in January. At the time, all anyone knew about it was that someone had been doing some serious snooping. The ‘team of experts’ targeted 11 zero-day vulnerabilities in the most popular operating systems.
This campaign went on for 9 months using the ‘watering hole’ method of hacking. A watering hole attack is when malicious code is injected into a website to effectively ‘booby trap’ it. Visitors who go to those sites become infected with malware, which allows the hackers to compromise specific targets.
When it was discovered, the signs of this attack pointed to the involvement of nation-state hackers. I don’t think anyone would have suspected that the culprits were friendlies. We are not exactly sure which government was involved in the attacks, or who its targets were. MIT also has not explained how it found out.
MIT states that by going public, Google basically hit the kill-switch on a live counterterrorism operation. MIT also says it’s ‘not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down’ the hacks. This problem has ‘caused internal division at Google and raised questions inside the intelligence communities of the United States and its allies.’