Google and Microsoft have in recent months scrambled to counter cyberattacks of an unprecedented scale. And as the two companies consistently find themselves at the frontlines of cyberwarfare, a new dilemma is emerging regarding how best to maintain transparency through comprehensive security reports while reducing the probability of intractable collateral damage.
Google Has Problems Outing Friendlies
A just-released cybersecurity report by Technology Review focusing on Google has revealed a quandary arising from a recent cybersecurity encounter. According to the publication, a Google cybersecurity team recently stumbled upon a ‘friendly’ counterterrorism hacking operation run by an allied Western power, and unilaterally shut it down. The unit was found to be exploiting 11 zero-day vulnerabilities that targeted the Safari browser, an exclusive Apple product for iOS, as well as Google’s Chrome browser, which is available for both Android gadgets and Windows computers.
In the aftermath of the incident, Google refrained from providing details related to the attack and the foreign agency involved. And now, according to the Technology Review report, some security engineers at the company are questioning whether such findings should be concealed from the public. Notably, the communique released by Google’s cybersecurity team leaves out key details about the malware used. The report also fails to name the country undertaking the counterterrorism scheme. It only divulges that a series of domains were used as ‘watering hole’ sites to target victims’ devices and unleash a chain of vulnerability attacks.
As things stand, publicizing intricate details about such a finding could imperil the lives of the authorities involved and erode security cooperation with the allied nation. As the 2018 Kaspersky saga showed, non-disclosure is sometimes key in handling such situations. The Russian cybersecurity firm was chided by a collective of Western powers after it exposed a US cyber counterterrorism project targeting Al Qaeda and ISIS members. The move led to the firm’s programs being removed from American government systems.
Understandably, Google’s decision to…