Never one to let an old adage get the best of them, Google has unveiled its plans to “fight fire with fire”, hiring a whole new team of hackers to staff a new initiative it has dubbed “Project Zero”.
Instead of simply looking for holes in its own products like Chrome or Drive, Project Zero will be a force of elite engineers pulled from every area of Internet security imaginable, shouldered with the admittedly daunting task of bringing down the Internet’s bad guys one voracious virus and malicious malware assault at a time.
“You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,” Google security researcher Chris Evans said in a blog post.
“This needs to stop. We think more can be done to tackle this problem.”
The focus of the group will primarily be on zero-day exploits, holes that many underground networks and hacker rings depend on in order to keep the illicitly acquired cash flowing into their already-too-padded pockets.
The problem has continued to grow at an exponential rate in recent years, dwarfing other tactics as average hackers favor the massive paydays they can often see upfront and in bulk over the arduous task of running long campaigns, which may only pay out a pittance by the time their botnets have DDoSed every website under the sun and then some.
Google was adamant about its dedication to keeping the whole process transparent from start to finish. It assures anyone who might be wary about its ambitions that it plans to immediately report any findings by the team, and that all information gathered by the team's efforts will be publicly available, so anyone with a keyboard and a will to stand up in the fight will be given the chance to take on a world that’s out to loot their pocketbook.
Google has backed this up with the launch of its easily accessible online database, which should slowly start to swell with content as the operation gets up and running within the next few critical weeks.
“We commit to doing our work transparently. Every bug we discover will be filed in an external database. We will only report bugs to the software’s vendor—and no third parties. Once the bug report becomes public (typically once a patch is available), you’ll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces. We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.”
All in all, it doesn’t look as though Google is trying to put any of the major security outfits out of business with this move, but is instead adding its deep pockets of support to the seemingly never-ending fight against malware developers, virus distributors, and zero-day exploitation experts who prey on weaker software for personal and financial gain.