Google Creates Elite Team To Fight Hackers -- And Maybe The NSA

Google logo is seen on a wall at the entrance of the Google offices in Brussels on February 5, 2014. The European Commission
Google logo is seen on a wall at the entrance of the Google offices in Brussels on February 5, 2014. The European Commission accepted the latest proposals by US giant Google to remedy complaints it abuses its dominant position in the Internet search market, opening the way to a settlement.'I believe that the new proposal obtained from Google after long and difficult talks can now address the Commission's concerns,' Almunia said AFP PHOTO GEORGES GOBET (Photo credit should read GEORGES GOBET/AFP/Getty Images)

Google said Tuesday it had created an elite team of researchers to find and report major Internet security flaws, potentially thwarting both Chinese hackers and U.S. intelligence agencies.

In a blog post, Google security engineer Chris Evans said the team, dubbed Project Zero, will hunt for bugs in widely used software and report them to vendors so they can be fixed before hackers exploit them for malicious purposes.

Evans said sophisticated hackers have used software flaws to spy on human rights activists or steal trade secrets from major companies. Hackers also sell knowledge of such previously unknown bugs to other hackers or foreign governments for thousands of dollars.

“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” Evans said.

“Our objective is to significantly reduce the number of people harmed by targeted attacks,” he added.

The mission of Project Zero appears to run counter to the work of the National Security Agency, which has reportedly exploited software bugs as part of its controversial spying programs.

Earlier this year, President Barack Obama created an exception that allows the NSA to take advantage of security flaws to collect intelligence, but only when there is “a clear national security or law enforcement need,” The New York Times reported.

In April, Bloomberg News reported the NSA knew for at least two years about the so-called Heartbleed bug -- a major Internet security flaw disclosed in April -- and exploited it to collect intelligence. U.S. officials denied the report.

Google already offers security researchers as much as $20,000 for finding and reporting security bugs in its own software. But Evans said Project Zero's mission would be much broader. The team also will hunt for bugs in other companies’ code and report them to vendors.

Evans said Google was hiring “the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet."

Project Zero will have 10 full-time researchers. So far, the team has enlisted several experts with some measure of fame in the security world. The team’s intern, for example, is George Hotz, according to Wired. As a teenager, Hotz became well known for being the first person to hack AT&T’s iPhone. He later hacked Sony’s Playstation 3.



Edward Snowden