Here are the craziest stories from the new Hacking Google documentary


TL;DR

  • Google has launched a six-part docuseries called Hacking Google.
  • The series discusses major industry-shaping events like the Operation Aurora cyberattack and more.
  • Each episode is dedicated to one of the teams that make up Google’s cybersecurity arm.

From answering emails to watching YouTube videos, the web is part of our everyday lives. Whether we’re checking our phone after waking up or logging on to start our day of work, we use the internet without a second thought. And not only do we often use it without thinking, but we also trust that the services we’re using will keep us safe from the dangers that lurk on the web.

However, keeping everyone safe while online is easier said than done. To reveal everything that goes into keeping you safe as you surf the net, Google has launched a six-part documentary called Hacking Google. The series is focused on each of the company’s cybersecurity teams and their tireless efforts to thwart cyber threats.

Android Authority had the chance to view the documentary in its entirety, and here are the craziest things we learned from it.

Operation Aurora

After Google launched the stable version of its new operating system (Android) in 2008, the following year was an eventful time for the company. Riding the high of its new OS, Google would later get a nasty surprise that seemed to stop everything in its tracks.

On December 14, 2009, VP of Security Engineering Heather Adkins and others from the department discovered unusual activity in the form of a single message sent to an employee. What appeared to be a simple phishing attack (where the sender attempts to get the recipient to click on a malicious link or reveal sensitive information) turned out to be something much bigger that would change the industry forever.

Once the link was opened, the user was directed to a website that downloaded malicious software, which helped the attacker establish a foothold in one of Google’s servers. This was no ordinary cyberattack: it was able to learn and change tactics faster than Google’s local security team could handle at the time. As a result, Google’s security team dropped everything to focus on this one problem.

Right after the initial launch of Android, Google faced one of the most devastating attacks in its history.

The issue was deemed so severe that the team went from dedicating one conference room as its war room to expanding to the entire building. Google’s security experts from around the world assembled at Mountain View and proceeded to pull hard drives from across its campus to do forensics.

While trying to understand the exploit that was used for the attack, the team found the code word “Aurora” in the malicious code. Aurora refers to a Russian battleship that fired a shot that began the Russian revolution. This discovery led to Google starting Operation Aurora, a project that completely changed the way Google handles cybersecurity.

The security team was finally able to rid its network of the attacker after deciding to purge all employees from the network and reset all passwords. In 2010, Google learned that at least 20 other companies were compromised and that the culprit behind the attack was a foreign government: China.

This was one of the first instances of a government hacking companies and individuals rather than other governments or government employees.

WannaCry

WannaCry is one of the most infamous ransomware attacks (cyberattacks that hold computers hostage for demands of money) in history, and Google played a hand in figuring out where it originated.

Google’s Threat Analysis Group (TAG) was formed on the heels of Operation Aurora. Its job is to find and tag cybercriminals and their techniques. This allows different security teams to create defenses and responses to cyberattacks.

The backbone of TAG rests with Google’s search engine, a tool that downloads the entirety of the public-facing internet. As you know, the internet is full of good and bad websites, but Google’s search engine usually flags bad content before it reaches your search results.

WannaCry was a huge problem, and Google was a key player in figuring out what to do about it.

TAG has created a complete replica of Google Search and feeds in every bit of malicious software the team finds. This way it has a full index of malicious software the team can search through when identifying attack techniques.

In the documentary, Director of TAG Shane Huntley says his team used this system against the notorious WannaCry attack that affected over 200,000 computers in 150 countries.

The team plugged the malware into their search engine and found related behaviors and accounts being used to set up the malware. Their investigation led them to conclude that the North Korean government was behind the chaos.

An army of fake security experts

WannaCry wasn’t the only cyberattack that was linked to North Korea. The North Korean government also tried to obtain inside information by gaining the trust of security experts around the world through elaborate fake personas.

In January 2021, it was discovered that an army of supposed security experts were just fake accounts created by a malicious actor. The purpose of these accounts was to gain the trust of real security experts. This was done through careful, calculated conversations that could trick any expert. Once trust was gained, the fake persona would ask the experts to check out a website.

As it turns out, not every associate Google experts meet is a real security researcher, or even a real person.

As you probably suspected, the websites contained exploits that would give the malicious actor access to the researcher’s machine. This is especially dangerous because researchers’ computers are likely to contain cybersecurity research that could teach the hacker how these experts make the locks used to block malware. With this information, they would be able to create ways to break those safeguards.

Once again, Google was able to find the origin of the attack. The detection and response team also found that two of Google’s own computers had been compromised by one of these fake accounts.

No chloroforming guards

Implementing cybersecurity measures is a great way to protect your company and the people who use your products and services from cyber threats. But what use are those efforts if they aren’t effective? That’s why a key part of ensuring the quality of your cybersecurity is testing. Google’s Red Team is in charge of trying to find exploits in the company’s cybersecurity.

In what are known as penetration and vulnerability tests, Red Team works to hack into every product Google has. Sometimes this requires creative thinking.

One team at Google spends its days trying to hack Google itself, but they have to follow a few rules.

One example of this is when the team went after Google Glass. To hack into the project, Red Team came up with a plan to offer USB plasma globes preloaded with malware to other employees around the campus. Sure enough, someone ended up plugging one of the globes into their computer, and the team was able to gain access to the Google Glass project through a series of infections called a kill chain.

Something you may not expect, however, is that the team has a set of rules it has to follow. Before conducting any attack, every member of the team has to agree to certain terms of engagement to make sure no one gets hurt. Among other things, these rules explicitly state that they cannot break anything, access real customer data, threaten anyone, send bribes, or chloroform guards.

Multiple generations of mobile spying

Project Zero is a dedicated team that hunts down vulnerabilities and reports them. They’re in charge of finding what are known as zero-day hacks: weak points in a program’s code that are discovered by cybercriminals before the people responsible for fixing them. People have zero days to defend themselves against a zero-day attack, hence the name.

The documentary states that zero-day vulnerabilities have been used to do everything from surveilling human rights activists to damaging physical infrastructure. For example, the Aurora attack was a zero-day exploit.

An undisclosed off-the-shelf phone was basically a video spy device.

Thanks to the efforts of Security Engineer Natalie Silvanovich, it was discovered that five different video chat apps had a vulnerability that could allow a hacker to force a phone to transmit video and audio without the owner knowing.

One of the biggest discoveries Project Zero made had to do with a popular mobile phone. In December 2018, TAG found a group of exploits that were being used against an unnamed handset. Project Zero analyzed the exploits and found that the vulnerabilities could allow someone to take chat histories, photos, GPS locations, and more.

What’s more troubling is that it appeared this exploit had existed for multiple generations of that mobile device. And in fact, the exploit was being used to spy on the Uyghur community.

