Stop Burning – Michael Coppola


This article refers to incidents related to Google TAG and Project Zero dating back to 2020 and 2021. At the time, these incidents sparked a small public debate that was mostly in support of Google's actions. However, personally, these incidents were deeply disturbing to me and a significant number of my colleagues in the security research community.

After taking some time to gather my thoughts on this subject, I finally felt ready to share them publicly.

The views and opinions expressed in this article are my own and do not necessarily reflect those of my employer.

In January 2021, Google's Project Zero published a series of blog posts called the “In the Wild Series.” Written in collaboration with Threat Analysis Group (TAG), the reports detailed a series of zero-day vulnerabilities that government attackers are exploiting in the wild.

The incident was shocking and headline-grabbing, and it provided a rare, inspiring, and highly technical look into the secret world of nation-state computer hacking. The report not only detailed the nation-state attackers' exploit code, but also detailed the mechanics of their entire operation, including their deployment configurations, dismantling of their implant code and command and control communications.

Project Zero and TAG were not passive observers in their investigation: they actively probed the attackers' attack servers, extracting as many exploits as possible and reverse engineering their functionality. However, despite this meticulous level of analysis, one of TAG's key deliverables – attribution to attackers and targeted parties – was noticeably absent from the report.

What the Google team omitted was the fact that they had actually exposed a nine-month long counter-terrorism operation being carried out by Western governments allied with the US, and that Project Zero and TAG had unilaterally disrupted and shut down the operation through their own actions.

A few months later, Project Zero doubled down on its efforts with a series of additional articles exposing previously undisclosed exploits and targeting techniques by the same government actors. When this second report was released, Project Zero members accompanied it with the following statement: “Every step we take to make zero-day attacks harder keeps us all safer.”

This is a dangerously simplistic view.

Google researchers on these teams work with the goal of reducing harm, but regardless of the actor or reason, burning campaigns demonstrate a serious misunderstanding of the important role cyber plays in reducing harm in the world.

Counterterrorism operations are one of the clearest examples. Cyber is a vital component of modern counterterrorism operations, and these operations, because they involve life and death, fall into a separate category from conventional espionage. When governments deploy cyber capabilities for this purpose, they also use these tools directly to thwart potential attacks on civilians, provide critical intelligence to soldiers on the ground, and deny technological resources to terrorists — all while reducing the risk to U.S. and allied lives in the process.

Burning these operations carries more risk than the destruction of monitoring tools and loss of information sources. When exploits are burned, human resources can be burned as well. People can be killed. Victims can go unscathed. There are countless secondary effects that endanger human lives in unique ways.

Most of the work in this field is not made public, but information that has trickled down and been declassified over the years provides insight into how governments use these tools to infiltrate, exploit, and combat terrorist networks.

For example, in June 2016, the Australian Signals Directorate (ASD) used cyber operations to gain an advantage in a critical battle in Iraq. By hacking ISIS phones and disabling them at strategically precise times, the ASD was able to disrupt ISIS communications in coordination with Iraqi forces advancing in the Tigris Valley. This tactic gave Iraqi forces on the ground a decisive advantage, capitalizing on the confusion that allowed militants to retreat to less secure communication channels. This battlefield success directly paved the way for Iraqi and partner forces to later liberate Mosul from ISIS control.

Additionally, thanks to a series of documents declassified under the Freedom of Information Act (FOIA), we also know how offensive cyber has been used to combat terrorist recruitment and propaganda activities. In November 2016, a joint task force of the U.S. Cyber Command and the National Security Agency, known as Joint Task Force Ares (JTF-ARES), launched a major cyberattack to dismantle ISIS’ online media operations. Called Operation Glowing Symphony, the task force significantly degraded and destroyed ISIS’s ability to recruit, distribute propaganda, proselytize, and conduct financial transactions over the internet. As a result, ISIS’s websites, social media accounts, and many of its most popular media outlets, such as the online magazine Dabiq and its internal news service Amaq News Agency, ceased operations.

After the initial attack, JTF-ARES continued operations by covertly degrading ISIS's computer networks, causing members of the organization to become frustrated and violate operational security (OPSEC) practices, putting themselves at risk. These deficiencies in OPSEC created further opportunities to be exploited by operatives and soldiers on the ground.

Notably, in 2018, Kaspersky released the Slingshot report, exposing counterterrorism efforts by the US Joint Special Operations Command (JSOC). The report revealed a massive, six-year campaign of attacks targeting ISIS and al-Qaeda members who used computers in internet cafes to communicate with their leaders. Slingshot was a valuable resource for monitoring these communications and identifying terrorists and co-conspirators. The intelligence Slingshot collected was provided directly to JSOC soldiers conducting missions to physically capture terrorists on the ground.

Kaspersky's report was a shock to JSOC's activities, and U.S. officials responded by publicly acknowledging it, an unusual step, and expressing concern that the revelations could lead to the U.S. losing access to valuable, long-standing surveillance programs and putting soldiers' lives at risk.

These risks to lives are not abstract. In the late 2000s, the program's early incarnation physically sent JSOC soldiers to recruit Iraqi agents to go into Internet cafes to covertly infect these computers. JSOC relied on its many local agents in Iraq to carry out direct intelligence missions it could not perform itself, and some of these agents were kidnapped and killed in the line of duty. But the information they produced was invaluable. By monitoring these computers, JSOC could reliably identify targets using the machines in the cafes, leading to hundreds of successful terrorist capture missions.

So perhaps the most powerful and interesting aspect of cyber operations is the secondary benefits they provide: exploiting computer networks allows for similar intelligence gathering without endangering human life; exploitation allows for SIGINT (signals intelligence) gathering in situations that would otherwise require HUMINT (human intelligence) or in-person operations, and it can be done in a very targeted manner without relying on large, potentially controversial collection systems.

Remote control of computers used by terrorists eliminates the need for humans to have physical access. Hacking smartphones allows soldiers to track the exact location of targets without physically following them. Listening to terrorist conversations on microphones eliminates the need for agents to infiltrate meetings. When cyber is no longer an option, more humans will need to be sent into the field to gather intelligence.

It is important to be clear on this point: Cyber operations allow us to gather information important to our national security while keeping people out of harm's way.

Project Zero and TAG's decision to discontinue counterterrorism operations is shocking, but not entirely unexpected: Google is a for-profit company and their actions are in the interest of Google's customers.

But Project Zero and TAG are willing to weigh in on national security matters in our countries. The decisions these teams make have real-world implications on public safety, foreign policy, and warfighting. There are interests at stake beyond the security of our products, and each of these interests needs a voice.

It is important to acknowledge that I write this article as a fan of Project Zero’s research and as a beneficiary of TAG’s services. I was one of several security researchers targeted in North Korean attacks in 2021, and the alert I received was due to TAG’s work to monitor state-sponsored actors.

But that's hard to excuse for an otherwise positive team's work: The decision to subvert Western counterterrorism efforts for a second time was a major, potentially fatal, blunder in Google's history, and should be remembered as such.

Many thanks to Ryan Stortz, Sophia d'Antoine, Dave Aitel, Ian Roos, and many anonymous contributors for their help and support in writing this article.

Sources

1/ https://Google.com/

2/ https://poppopret.org/2024/06/24/google-stop-burning-counterterrorism-operations/
