Google’s new Project Zero team adds some welcome muscle in the fight against cybercrime and could also lead to better privacy for all, making it harder for intelligence agencies to spy.
Picture: Getty Images
The team will be made up of technical security researchers who will be set loose to find security flaws in software relied on across the internet.
These flaws — known as zero day exploits as they have not been previously known by security researchers before malicious people abuse them — give the team its name.
Google’s Chris Evans says the company has already done much to improve security on its own products but it wants to do more.
You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications. Yet in sophisticated attacks, we see the use of “zero-day” vulnerabilities to target, for example, human rights activists or to conduct industrial espionage. This needs to stop. We think more can be done to tackle this problem.
Helping reduce the number of zero day vulnerabilities is good for businesses and governments and end users alike because it makes the threat surface smaller: fewer vulnerabilities will in time mean fewer exploits and consequently less data loss and victimisation.
It’s one piece of the overall increasingly complex cyber landscape that all of us have a stake in. Few doubt Google’s impressive technical capabilities, with its deep engineering understanding.
Google’s efforts so far
The Project Zero initiative is part of Google’s escalating efforts in this space, where the interests of businesses, citizens, activists and governments collide.
For some time now Google has been de-indexing webpages it deems to be technically dangerous from web searches.
This is a welcome sign of improving organisational maturity on the part of Google, and a strategic economic decision too. The company reaps billions of dollars a year from the online activities of end users and there is a strong link between that activity and trust.
A team effort on cybercrime
But Google isn’t alone in devoting more resources to improving the overall health of the internet.
Other companies have been active for years in this space too, most notably Microsoft. Its Digital Crimes Unit has had impressive results in taking down botnets responsible for massive amounts of online crime. The team has been trailblazers in working collaboratively with law enforcement agencies against criminals such as child sex offenders.
Earlier this year Microsoft opened its Cybercrime Centre housed in a purpose-built building in the Redmond campus staffed with engineers, lawyers and others.
It will be some years before Google matches Microsoft’s efforts but cybercriminals should be increasingly worried as these global giants focus on them and underlying vectors they exploit. Even more so as these corporate heavyweights increasingly collaborate.
Earlier this year I spoke at the Microsoft Digital Crimes Consortium in Singapore. Google staff did too. The two companies are fierce competitors commercially, but there is an increasing common understanding of the threats to their businesses.
Better privacy for all
But this collaboration will go even further in protecting our individual and collective security and privacy online: it will slow the activities of intelligence agencies whose large scale online data gathering has been in part exposed by Edward Snowden‘s leaked documents.
It will impact on what has been described as their “dataholism“, their a thirst for and addiction to gathering information.
Because the reputation of these US tech giants has been tarnished by the activities of their government they are reacting in a number of ways, from lobbying Congress to curtail egregious acts, through to focusing their technical skills on securing their customers, as in this case.
If you are an online citizen and consumer — which frankly, we all are, like it or not — we will all benefit from the moves to weaken the vectors of attack.
It seems giants are stirring, and they’re on our side.
Alastair MacGibbon is Director, Centre for Internet Safety at University of Canberra. He does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.