Here are the craziest stories from the new Hacking Google documentary
- Google has launched a six-part docuseries called Hacking Google.
- The series discusses major industry-shaping events like the Operation Aurora cyberattack and more.
- Each episode is dedicated to one of the teams that make up Google’s cybersecurity arm.
From answering emails to watching YouTube videos, the web is a part of our everyday lives. Whether we’re checking our phone after waking up or logging on to start our day of work, we use the internet without a second thought. And not only do we often use it without thinking, but we also trust that the services we’re using will keep us safe from the dangers that lurk on the web.
However, keeping everyone safe while online is easier said than done. To reveal everything that goes into keeping you safe as you surf the net, Google has released a six-part documentary called Hacking Google. The series is focused on each of the company’s cybersecurity teams and their tireless efforts to thwart cyber threats.
Android Authority had the chance to view the documentary in its entirety, and here were the craziest things we learned from it.
Operation Aurora
After launching the stable version of its new operating system (Android) in 2008, Google had an eventful following year. Sailing on the high of its new OS, Google would later get a nasty surprise that seemed to stop everything in its tracks.
On December 14, 2009, VP of Security Engineering, Heather Adkins, and others from the department discovered unusual activity in the form of a single message sent to an employee. What appeared to be a simple phishing attack — where the sender attempts to get the recipient to click on a malicious link or reveal sensitive information — turned out to be something much bigger that would change the industry forever.
Once the link was opened, the user was directed to a website that downloaded malicious software, which helped the attacker establish a foothold on one of Google’s servers. The cyberattack was anything but ordinary: it was able to learn and change tactics faster than Google’s local security team could handle at the time. As a result, Google’s security team dropped everything to focus on this one problem.
Right after the initial launch of Android, Google faced one of the most devastating attacks in its history.
The issue was deemed so severe that the team went from dedicating one conference room as its war room to expanding to the entire building. Google’s security experts from around the world assembled at Mountain View and proceeded to pull hard drives from all over its campus to do forensics.
In trying to understand the exploit that was used for the attack, the code word “Aurora” was found in the malicious code. Aurora refers to a Russian battleship that fired a shot that started the Russian revolution. This discovery led to Google starting Operation Aurora, a project that completely changed the way Google handles cybersecurity.
The security team was finally able to rid its network of the attacker after deciding to purge all employees from the network and reset all passwords. In 2010, Google learned at least 20 other companies were compromised and that the culprit behind the attack was a foreign government — China.
This was one of the first instances of a government hacking companies and individuals rather than other governments or government employees.
WannaCry
WannaCry is one of the most infamous ransomware attacks — a cyberattack that holds computers hostage for demands of money — in history, and Google played a hand in figuring out where it originated from.
Google’s Threat Analysis Group (TAG) was formed on the heels of Operation Aurora. Its job is to hunt down and tag cybercriminals and their techniques. This allows different security teams to create defenses and responses to cyberattacks.
The backbone of TAG rests with Google’s search engine, a crawler that downloads the entirety of the public-facing internet. As you know, the internet is full of good and bad websites, but Google’s search engine usually flags bad content before it reaches your search results.
WannaCry was a huge problem, and Google was a key player in figuring out what to do about it.
TAG has created a complete replica of Google Search to feed in every bit of malicious software the team finds. This way it has a full index of malicious software the team can search through when identifying attack techniques.
In the documentary, Director of TAG, Shane Huntley, says his team used this system against the notorious WannaCry attack that affected over 200,000 computers in 150 countries.
The group plugged the malware into its search engine and found related behaviors and accounts being used to set up the malware. The investigation led the team to conclude that the North Korean government was behind the chaos.
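The pivoting TAG describes, taking one sample and searching an index of known malware for others that share its behaviors or the accounts used to stage it, can be modeled with a simple inverted index. The following is an added example written for this article; it is not Google's tooling and nothing about TAG's real system is known from the documentary. Every sample name, domain, mutex name and account handle in the corpus is constructed for illustration.

```python
from collections import defaultdict

# Constructed corpus: each hypothetical sample maps an indicator kind to the
# values an analyst extracted from it (contacted domains, mutex names, the
# accounts used to stage the malware). None of these values are real.
SAMPLES = {
    "sample-A": {"domain": {"cdn-update.example", "stats.example"},
                 "mutex": {"Global\\wc-01"}, "account": {"dev-alpha"}},
    "sample-B": {"domain": {"cdn-update.example"},
                 "mutex": {"Global\\wc-02"}, "account": {"dev-alpha"}},
    "sample-C": {"domain": {"news.example"},
                 "mutex": {"Global\\wc-02"}, "account": {"dev-beta"}},
    "sample-D": {"domain": {"weather.example"},
                 "mutex": {"Global\\other"}, "account": {"dev-gamma"}},
}


def indicators_of(fields):
    """Flatten one sample's fields into a set of (kind, value) indicators."""
    return {(kind, value) for kind, values in fields.items() for value in values}


def build_index(samples):
    """Inverted index: (kind, value) -> set of sample ids exhibiting it."""
    index = defaultdict(set)
    for sample_id, fields in samples.items():
        for indicator in indicators_of(fields):
            index[indicator].add(sample_id)
    return index


def related_samples(samples, index, query_id):
    """Return {other_sample: shared indicators} for every sample that shares
    at least one indicator with the query sample (the 'pivot' step)."""
    shared = defaultdict(set)
    for indicator in indicators_of(samples[query_id]):
        for other in index.get(indicator, ()):
            if other != query_id:
                shared[other].add(indicator)
    return dict(shared)


def cluster_samples(samples, index):
    """Group samples into connected components of the 'shares an indicator'
    relation, i.e. follow pivots transitively until nothing new turns up."""
    seen, clusters = set(), []
    for start in samples:
        if start in seen:
            continue
        component, stack = set(), [start]
        while stack:
            sample_id = stack.pop()
            if sample_id in seen:
                continue
            seen.add(sample_id)
            component.add(sample_id)
            stack.extend(related_samples(samples, index, sample_id))
        clusters.append(frozenset(component))
    return clusters


INDEX = build_index(SAMPLES)

if __name__ == "__main__":
    for other, shared in related_samples(SAMPLES, INDEX, "sample-A").items():
        print(f"sample-A shares {sorted(shared)} with {other}")
    for cluster in cluster_samples(SAMPLES, INDEX):
        print("cluster:", sorted(cluster))
```

Querying for sample-A surfaces sample-B directly (same domain and staging account), and clustering then pulls in sample-C through the mutex it shares with sample-B while leaving sample-D on its own. Real pipelines weight indicators by how common they are so that a shared CDN host does not link unrelated families, but the pivot-and-cluster structure is the same.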
An army of fake security experts
WannaCry wasn’t the only cyberattack that was linked to North Korea. The North Korean government also tried to gain inside information by trying to gain the trust of security experts around the world through elaborate fake personas.
In January 2021, it was discovered that an army of supposed security experts was just a set of fake accounts created by a malicious actor. The purpose of these accounts was to gain the trust of real security experts. This was done through careful, calculated conversations that could trick any expert. Once trust was gained, the fake persona would ask the experts to check out a website.
As it turns out, not every associate Google experts meet is a real security researcher — or even a real person.
As you probably suspected, the websites contained exploits that would give the malicious actor access to the researcher’s machine. This is especially dangerous because researchers’ computers are likely to contain cybersecurity research that could teach the hacker how these experts make the locks used to block malware. With this information, they would be able to create ways to break those safeguards.
Once again, Google was able to find the origin of the attack. The detection and response team also found that two of Google’s own computers had been compromised by one of these fake accounts.
No chloroforming guards
Implementing cybersecurity measures is a great way to protect your company and the people who use your products and services from cyber threats. But what use do those efforts have if they aren’t effective? That’s why a key part of ensuring the quality of your cybersecurity is testing. Google’s Red Team is in charge of trying to find exploits in the company’s cybersecurity.
Through what are known as penetration and vulnerability tests, the Red Team works to hack into every product Google has. Sometimes this requires creative thinking.
One team at Google spends its days trying to hack Google itself, but they have to follow a few rules.
One example of this is when the group went after Google Glass. To hack into the project, Red Team came up with a plan to offer USB plasma globes preloaded with malware to other employees around the campus. Sure enough, someone ended up plugging one of the globes into their computer and the team was able to gain access to the Google Glass project through a series of infections called a kill chain.
Something you may not expect, however, is the team has a set of rules that it has to follow. Before conducting any attack, every member of the team has to agree to certain terms of engagement to make sure no one gets hurt. Among those rules, it explicitly states that they cannot break anything, access real customer data, threaten anyone, send bribes, or chloroform guards.
Multiple generations of mobile spying
Project Zero is a dedicated team that hunts down vulnerabilities and reports them. They are in charge of finding what’s known as zero-day hacks — a weak point in a program’s code that’s discovered by cybercriminals before the people responsible for fixing it. People have zero days to defend themselves against a zero-day attack, hence the name.
The documentary states that zero-day vulnerabilities have been used to do everything from surveilling human rights activists to damaging physical infrastructure. For example, the Aurora attack was a zero-day exploit.
An undisclosed off-the-shelf phone was basically a video spy device.
Thanks to the efforts of Security Engineer Natalie Silvanovich, it was discovered that five different video chat apps had a vulnerability that could allow a hacker to force a phone to transmit video and audio without the owner knowing.
One of the biggest discoveries Project Zero made had to do with a popular mobile phone. In December 2018, TAG found a group of exploits that were being used against an unnamed handset. Project Zero analyzed the exploits and found that the vulnerabilities could allow someone to take chat histories, photos, GPS locations, and more.
What’s more troubling is that it appeared this exploit had existed for multiple generations of that mobile device. And in fact, the exploit was being used to spy on the Uyghur community.