Slashdot Mirror

← Back to Stories (view on slashdot.org)

Alphabet's Security Start-Up Wants To Offer History Lessons (nytimes.com)

Posted by BeauHD on from the those-who-do-not-learn-history-are-doomed-to-repeat-it dept.

Chronicle, a security start-up owned by Google's parent company, Alphabet, plans on sharing what it learned from a cyberattack against Google nearly ten years ago. The hack was conducted by the Chinese military and was "one of the most starting cyberattacks on an American company by government-affiliated agents," reports The New York Times. The lessons it learned from that incident will be brought to other companies through a widely anticipated new product called Backstory. From the report: The idea, company executives said, is simple: Backstory will make Alphabet's vast storage, indexing and search abilities available to other companies, allowing them to search through giant volumes of data, going years back, to trace the back story of a malicious attack. Chronicle is hardly the only company doing this. Dozens of companies promise so-called big data threat intelligence and storage. But many of their customers can't afford to pay to search through huge amounts of information. Chronicle will charge customers by their number of employees.

The hack on Google, called Operation Aurora, was historic for an unusual reason: It was the first time a Chinese government hacking victim confronted its attacker. Inside the company, Sergey Brin, one of Google's co-founders, made it his personal mission to make sure something like Aurora never happened again. Google, known for its motto "Don't Be Evil," had a new motto about its cybersecurity: "Never again." Google poached cyberexperts from the National Security Agency and Silicon Valley. It built a threat analysis group on a par with those at the top intelligence agencies and designed a new security infrastructure. It also created a new team, called Google Project Zero, to hunt for critical security flaws in technology outside Google. Chronicle was founded by Mike Wiacek, who started Google's threat analysis group after studying threats at the N.S.A., and Stephen Gillett, the former chief information officer at Starbucks and chief operating officer at Symantec.

10 of 38 comments (clear)

  1. Most Starting by Anonymous Coward · · Score: 3, Funny

    It was the bets of hacks; it was the wurst of hacks.

    1. Re: Most Starting by Anonymous Coward · · Score: 1

      I was so started to read that.

  2. How ironic by scdeimos · · Score: 1

    Google poached cyberexperts from the National Security Agency and Silicon Valley. It built a threat analysis group on a par with those at the top intelligence agencies and designed a new security infrastructure.

    And yet they still let Android TVs browse through other customer's private photo collections. How great their experts must be.

    1. Re:How ironic by phantomfive · · Score: 2

      Security has to be built from the ground up. You can't bolt it on afterwards. All the programmers need to be aware of it.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:How ironic by CODiNE · · Score: 1

      You're correct in principle, but taken to an extreme it would mean rewriting all apps for any vulnerability discovered. In that sense all security fixes are "bolted on" to existing applications/networks. It's true that designing for security up front makes things much more secure in general but it still isn't a panacea. Business needs, second system effect, etc...

      --
      Cwm, fjord-bank glyphs vext quiz
    3. Re: How ironic by phantomfive · · Score: 1

      Nah. I meant if you architect it with security in mind, if people write their queries with that in mind, you have a hope of having secure software. But if you don't build it like that, you're going to have an unending flow of security bugs.

      --
      "First they came for the slanderers and i said nothing."
  3. Known at the time. by Cmdln+Daco · · Score: 1

    Google, knownat the time for its motto "Don't Be Evil,"...

  4. Re:History lesson : by Cmdln+Daco · · Score: 1

    "At this point, what does it matter?"

  5. Re:History lesson : by liquid_schwartz · · Score: 1

    "At this point, what does it matter?"

    The Crown Prince of Saudi Arabia likes your way of thinking and would like to hire you as a publicist.

  6. I remember this part of art of war. by Anonymous Coward · · Score: 1

    Art of war tactic or just plan old stupidity

    I remember in art of war when it said

    "And give your enemies false search with no ads. They will be pleased. Show them irrelevant searches so that they believe it is relevant when it is not. Show them scat when they have explicitly enabled safesearch and their men will be distracted and demoralized with images of goatse, tubgirl, and poopface.jpg. If you do these things then victory is yours before the first sword is drawn."

    --Sun Tsu