Google — Illegal Competitor or National Security Threat
By
Duane Thresher, Ph.D. January 25, 2018
If the Meltdown and Spectre security vulnerabilities are
relatively unimportant as I argued in
Meltdown
and Spectre Security Vulnerabilities — Deck Chairs on
the Titanic, then they are illegal attacks by Google on
its competitors and Google should be investigated by the SEC
and DOJ. If they are as catastrophic as they have been made
out to be, then Google is a national security threat and
should be investigated by the FBI (or higher DOJ) and
DHS.
If Meltdown and Spectre are unimportant security
vulnerabilities then they are illegal competition by
Google.
When the Meltdown and Spectre security vulnerabilities were
announced, before the affected companies like Intel, Apple,
and Amazon had time to fully prepare, the value of those
companies lost billions and their reputations were harmed,
probably permanently. Google paid for the discovery and
exploit development ("proof of concept") of these security
vulnerabilities and helped publicize them. Google is a
competitor with Intel, Apple, and Amazon so has a strong
motive to harm their reputations. (It will be revealing to
see if Google comes out with hardware or software that doesn't
have these security vulnerabilities and uses that as a selling
point.) This tactic is classic stock manipulation and unfair
competition and should be investigated by the SEC and DOJ
(Antitrust Division).
Google helped pay for the discovery and exploit development of
these security vulnerabilities and helped publicize them
through its Project Zero. The publicity campaign webpage for
Meltdown and Spectre (
www.MeltdownAttack.com
and
www.SpectreAttack.com
webpage; two "Attack!" domain names, one webpage) is full of
carefully-worded statements designed to cause irrational fear.
From the Questions & Answers (quoted paragraphs):
"What can be leaked? This may include passwords and sensitive
data stored on the system."
Despite the mention of this everywhere there is nothing about
the security vulnerabilities that targets passwords and
sensitive information in particular. Most of the leaked data
will be cute cat videos.
"Am I affected by the vulnerability? Most certainly, yes.
Can my antivirus detect or block this attack? While possible
in theory, this is unlikely in practice. Can I detect if
someone has exploited Meltdown or Spectre against me?
Probably not. Has Meltdown or Spectre been abused in the
wild? We don't know. Why is it called Spectre? As it is not
easy to fix, it will haunt us for quite some time."
Summary: You are vulnerable, you can't protect yourself, you
won't know it if you are hacked, you may have already been
hacked, and it's never going to go away! Be afraid, be very
afraid! It's a criminal offense to falsely yell "fire!" in a
crowded movie theater, particularly as business competition.
This is a very close analogy.
Google forced or was abetted by the media into helping with
this hype that harmed its competitors. The media, struggling
financially, is heavily dependent on Google for advertising.
When someone Googles something it is incredibly valuable to
the media to have one of its articles about the subject come
up at the top of the search results. The media will go along
with anything Google suggests out of fear of reprisals, which
Google and its secret search listing algorithms can easily
do.
This is particularly true for the subject of IT (Information
Technology). The
media knows
little about IT — most IT reporters were English
majors or worse — and will believe without question
anything Google says about IT.
Google and the media also hate Trump and will say anything to
discredit him, for example by implying no one is safe with him
as president.
Google is the same as the robber barons of American history,
gigantic monopolies trying to unfairly eliminate any
competition until finally the US Government had to step in and
stop them before they ended up controlling even all of the
government. Google may even be a more powerful and
destructive robber baron. They are the biggest lobbyist in
Washington D.C. The SEC and DOJ should investigate and make a
case, The People Versus Google.
If Meltdown and Spectre are really catastrophic security
vulnerabilities then Google is a very large national security
threat.
When the
Edward
Snowden revelations about NSA spying were made, Google was
heavily implicated as colluding with the NSA. Google denied
this or implied that they were forced to work with the NSA and
couldn't talk about it by law (the Patriot Act).
Additionally, Google hates Trump and the America that voted
for him. They thus have a strong motive to attack the NSA,
Trump and America. Moreover, they are strongly influenced by
foreign and domestic enemies, those who hate the NSA, Trump
and America. Google is thus a national security threat, a
very large one.
Google Project Zero is listed first as the company responsible
for the discovery and exploit development of the Meltdown and
Spectre security vulnerabilities. Google Project Zero looks
for "zero-day" security vulnerabilities and develops exploits
for them just like other hackers. Zero-day security
vulnerabilities are previously unknown, with no time for
protective patches to have been made. They thus can be the
most successful and devastating. So much so that if there
weren't so much IT incompetence in government they would be
classified information.
Nuclear weapons designs are classified information even though
if they were made public there would still be the
nearly-insurmountable problem of getting the materials to make
a usable nuclear weapon, unlike exploiting security
vulnerabilities, where the knowledge is enough. Hackers like
Google argue that being open about security vulnerabilities is
safer, based on the old saying that any security measure that
depends on its secrecy is inherently insecure. However, by
their own words these security vulnerabilities can't easily be
protected against so that theory is just nonsense — they
are just handing weapons to hackers for use against the
unprotected.
Damningly, Google has shown that it is more than willing to
censor free speech for all other subjects except distributing
hacking tools. Google is the leading provider of email
service, including by government officials, and until recently
openly admitted that user emails were read by them. This is
why Google discourages the use of email encryption by users
and the use of POP email accounts, where you download your
email off their servers. This Google reading of emails was
supposedly just by computer and for spam protection —
which includes emails from conservative organizations —
in which case it does censor the emails, and for ad targeting
purposes, but you have to take Google's word for this and
there have been publicized instances indicating this may not
always be so innocent (and worse than Google employees just
reading their ex-girlfriends' emails).
On less evidence than given here, there have been accusations
and actions by the media and US Government against foreign
state-sponsored hacking; for example, against Russian
Kaspersky Lab, a leading provider of anti-virus software, and
against Chinese Huawei Technologies, a leading provider of
telecommunications equipment.
Yet the Meltdown and Spectre hacker listed as part of Google
Project Zero, Jann Horn, is foreign, as are many others
listed. The young Jann Horn is a media darling and from
Germany. He first came to prominence when he was given an
award by German Chancellor Angela Merkel in a government-run
academic competition, including hacking.
Merkel is well known for hating the NSA and Trump. She had
her cell phone tapped by the NSA and complained loudly about
it. (To be fair to the NSA, Germany was home to several key
operatives of the 9/11 attacks, the Hamburg Cell. Germany is
an NSA Tier B level of cooperation country: some limited
cooperation but targeted themselves for aggressive
surveillance.) Merkel's rants against Trump are well known.
Merkel would obviously love to get back at the NSA and Trump.
She may have.
Furthermore, Merkel and Google have already colluded to censor
speech in Germany, much like Google did for China.
Other Meltdown and Spectre hackers are from Germany as well:
Werner Haas and Thomas Prescher of Cyberus Technology (a play
on Cerberus, the three-headed dog at the gates of hell). Some
are from Austria. Daniel Gruss, Moritz Lipp, Stefan Mangard,
and Michael Schwarz are from Graz University of Technology,
which is also responsible for the Meltdown and Spectre
webpage. Graz University of Technology is a very low-rated
university, #618 in US News Best Global Universities, which
don't attract the most respectable people.
Even if the Meltdown and Spectre hackers were not foreign they
still may be a domestic threat, and have Google
connections. For example, one of the hackers, Mike Hamburg of
Rambus Inc. in Sunnyvale California wrote in his
www.ShiftLeft.org blog, in an entry titled "Joshua fit the
battle of Jericho" on January 29, 2017:
"After one week of Trump, it is clearer than ever that
Americans must stand against the incoming administration, and
for what is right. But take heart: God's justice is so
inevitable that, as long as we are standing with Him and
against injustice, it is as though we have already
won."
"God's justice" is usually violently fatal and in fact the
entry title is a reference to such a story from the Bible's
Old Testament, Joshua 6:1-27. It describes the Battle of
Jericho where special weapons, horns and the Ark of the
Covenant, were used to breach the walls of Jericho (analogy:
Spectre breaching firewalls). After Jericho's wall fell
Joshua followed God's command and killed every living thing in
the city, except the harlot and her family who had helped
Joshua's spies in Jericho. Joshua is also revered by Muslims
as one of Moses's spies.
Additionally on Hamburg's blog his "about me" page shows a
photo of him dressed in body armor: a helmet and a bulletproof
tactical vest. Hamburg's blog is hosted on a server in his
apartment (where it can be removed quickly and completely) and
on his "privacy" page he talks about allowing others to use
his server logs to "stalk people".
Hamburg used to work for Google.
Another of the Meltdown and Spectre hackers, Paul Kocher, also
works at Rambus Inc., where Hamburg does.
An even more important domestic threat may be inherent in
Google.
On less evidence than given here, there have been accusations
and actions by the media and US Government against Russian
interference in the last US election. Google in fact was
questioned by Congress about letting Russian agents pretend
they were Americans speaking out in the last
election.
But Google had an inherent Russian influence from the start.
One of the two founders of Google was Sergey Brin. He was
born (Moscow) and raised in Soviet Russia until he was six,
when he came to the United States. Most religions and
ideologies know that if they can get to people when they are
young, before age seven, they will have them as believers for
life. Like Merkel, who was raised in East Germany, Brin
probably inherently believes the Soviet Union is how
government should be.
Brin was a big proponent of Google glasses (he is wearing them
in his photo accompanying this article), which were a flop
because so many people feared them as ubiquitous spying.
George Orwell's 1984 and its Big Brother were based on the
Soviet Union. Interestingly though, Google glasses are
illegal in Russia today.
Again, there is an old saying that any security measure that
depends on its secrecy is inherently insecure. Yet, all
Edward Snowden did was make NSA security measures public
(right before he fled to Russia). Google may be a far worse
national security threat than Edward Snowden. The FBI (or
higher DOJ) and DHS should investigate and make a case, The
People Versus Google.