The “vulnerabilities equities process”

@HowellONeill
reports that the recent mysterious hacking group that used 11 zero-days in a year was a US-ally.
“It is not clear whether Google gave advanced notice to government officials.”
https://www.technologyreview.com/2021/03/26/1021318/google-security-shut-down-counter-terrorist-us-ally/

Google’s top security teams unilaterally shut down a counterterrorism operation. The decision to block an “expert” level cyberattack has caused controversy inside Google after it emerged that the hackers in question were working for a US ally.

Google’s security teams publicly exposed a nine-month hacking operation
What wasn’t disclosed: The move shut down an active counter-terrorist operation being conducted by a Western government

The decision has raised alarms inside Google and elsewhere

A pair of recent Google blog posts detail the collection of zero-day vulnerabilities that it discovered hackers using over the course of nine months. The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed.

“Project Zero is dedicated to finding and patching 0-day vulnerabilities, and posting technical research designed to advance the understanding of novel security vulnerabilities and exploitation techniques across the research community,” a Google spokesperson said in a statement. “We believe sharing this research leads to better defensive strategies and increases security for everyone. We don’t perform attribution as part of this research.”

It’s true that Project Zero does not formally attribute hacking to specific groups. But the Threat Analysis Group, which also worked on the project, does perform attribution.

Western operations are recognizable, according to one former senior US intelligence official.

“There are certain hallmarks in Western operations that are not present in other entities … you can see it translate down into the code.”
If they are members of the “Five Eyes” intelligence alliance, which is made up of the United States, the United Kingdom, Canada, Australia, and New Zealand.

Software that was attacked included the Safari browser on iPhones but also many Google products, including the Chrome browser on Android phones and Windows computers.

Spotlight on what had been a live cyber-espionage operation.
Just Who Is Being Protected?

It’s notable that the techniques used affected not just Google products like Chrome and Android, but also iPhones.