Google -- Illegal Competitor or National Security Threat
By Duane Thresher, Ph.D. January 25, 2018
If the Meltdown and Spectre security vulnerabilities are relatively unimportant as I argued in Meltdown and Spectre Security Vulnerabilities -- Deck Chairs on the Titanic, then they are illegal attacks by Google on its competitors and Google should be investigated by the SEC and DOJ. If they are as catastrophic as they have been made out to be, then Google is a national security threat and should be investigated by the FBI (or higher DOJ) and DHS.
If Meltdown and Spectre are unimportant security vulnerabilities then they are illegal competition by Google.
When the Meltdown and Spectre security vulnerabilities were announced, before the affected companies like Intel, Apple, and Amazon had time to fully prepare, the value of those companies lost billions and their reputations were harmed, probably permanently. Google paid for the discovery and exploit development ("proof of concept") of these security vulnerabilities and helped publicize them. Google is a competitor with Intel, Apple, and Amazon so has a strong motive to harm their reputations. (It will be revealing to see if Google comes out with hardware or software that doesn't have these security vulnerabilities and uses that as a selling point.) This tactic is classic stock manipulation and unfair competition and should be investigated by the SEC and DOJ (Antitrust Division).
Google helped pay for the discovery and exploit development of these security vulnerabilities and helped publicize them through its Project Zero. The publicity campaign webpage for Meltdown and Spectre (www.MeltdownAttack.com and www.SpectreAttack.com webpage; two "Attack!" domain names, one webpage) is full of carefully-worded statements designed to cause irrational fear. From the Questions & Answers (quoted paragraphs):
"What can be leaked? This may include passwords and sensitive data stored on the system."
Despite the mention of this everywhere there is nothing about the security vulnerabilities that targets passwords and sensitive information in particular. Most of the leaked data will be cute cat videos.
"Am I affected by the vulnerability? Most certainly, yes. Can my antivirus detect or block this attack? While possible in theory, this is unlikely in practice. Can I detect if someone has exploited Meltdown or Spectre against me? Probably not. Has Meltdown or Spectre been abused in the wild? We don't know. Why is it called Spectre? As it is not easy to fix, it will haunt us for quite some time."
Summary: You are vulnerable, you can't protect yourself, you won't know it if you are hacked, you may have already been hacked, and it's never going to go away! Be afraid, be very afraid! It's a criminal offense to falsely yell "fire!" in a crowded movie theater, particularly as business competition. This is a very close analogy.
Google forced or was abetted by the media into helping with this hype that harmed its competitors. The media, struggling financially, is heavily dependent on Google for advertising. When someone Googles something it is incredibly valuable to the media to have one of its articles about the subject come up at the top of the search results. The media will go along with anything Google suggests out of fear of reprisals, which Google and its secret search listing algorithms can easily do.
This is particularly true for the subject of IT (Information Technology). The media knows little about IT -- most IT reporters were English majors or worse -- and will believe without question anything Google says about IT.
Google and the media also hate Trump and will say anything to discredit him, for example by implying no one is safe with him as president.
Google is the same as the robber barons of American history, gigantic monopolies trying to unfairly eliminate any competition until finally the US Government had to step in and stop them before they ended up controlling even all of the government. Google may even be a more powerful and destructive robber baron. They are the biggest lobbyist in Washington D.C. The SEC and DOJ should investigate and make a case, The People Versus Google.
If Meltdown and Spectre are really catastrophic security vulnerabilities then Google is a very large national security threat.
When the Edward Snowden revelations about NSA spying were made, Google was heavily implicated as colluding with the NSA. Google denied this or implied that they were forced to work with the NSA and couldn't talk about it by law (the Patriot Act). Additionally, Google hates Trump and the America that voted for him. They thus have a strong motive to attack the NSA, Trump and America. Moreover, they are strongly influenced by foreign and domestic enemies, those who hate the NSA, Trump and America. Google is thus a national security threat, a very large one.
Google Project Zero is listed first as the company responsible for the discovery and exploit development of the Meltdown and Spectre security vulnerabilities. Google Project Zero looks for "zero-day" security vulnerabilities and develops exploits for them just like other hackers. Zero-day security vulnerabilities are previously unknown, with no time for protective patches to have been made. They thus can be the most successful and devastating. So much so that if there weren't so much IT incompetence in government they would be classified information.
Nuclear weapons designs are classified information even though if they were made public there would still be the nearly-insurmountable problem of getting the materials to make a usable nuclear weapon, unlike exploiting security vulnerabilities, where the knowledge is enough. Hackers like Google argue that being open about security vulnerabilities is safer, based on the old saying that any security measure that depends on its secrecy is inherently insecure. However, by their own words these security vulnerabilities can't easily be protected against so that theory is just nonsense -- they are just handing weapons to hackers for use against the unprotected.
Damningly, Google has shown that it is more than willing to censor free speech for all other subjects except distributing hacking tools. Google is the leading provider of email service, including by government officials, and until recently openly admitted that user emails were read by them. This is why Google discourages the use of email encryption by users and the use of POP email accounts, where you download your email off their servers. This Google reading of emails was supposedly just by computer and for spam protection -- which includes emails from conservative organizations -- in which case it does censor the emails, and for ad targeting purposes, but you have to take Google's word for this and there have been publicized instances indicating this may not always be so innocent (and worse than Google employees just reading their ex-girlfriends' emails).
On less evidence than given here, there have been accusations and actions by the media and US Government against foreign state-sponsored hacking; for example, against Russian Kaspersky Lab, a leading provider of anti-virus software, and against Chinese Huawei Technologies, a leading provider of telecommunications equipment.
Yet the Meltdown and Spectre hacker listed as part of Google Project Zero, Jann Horn, is foreign, as are many others listed. The young Jann Horn is a media darling and from Germany. He first came to prominence when he was given an award by German Chancellor Angela Merkel in a government-run academic competition, including hacking.
Merkel is well known for hating the NSA and Trump. She had her cell phone tapped by the NSA and complained loudly about it. (To be fair to the NSA, Germany was home to several key operatives of the 9/11 attacks, the Hamburg Cell. Germany is an NSA Tier B level of cooperation country: some limited cooperation but targeted themselves for aggressive surveillance.) Merkel's rants against Trump are well known. Merkel would obviously love to get back at the NSA and Trump. She may have.
Furthermore, Merkel and Google have already colluded to censor speech in Germany, much like Google did for China.
Other Meltdown and Spectre hackers are from Germany as well: Werner Haas and Thomas Prescher of Cyberus Technology (a play on Cerberus, the three-headed dog at the gates of hell). Some are from Austria. Daniel Gruss, Moritz Lipp, Stefan Mangard, and Michael Schwarz are from Graz University of Technology, which is also responsible for the Meltdown and Spectre webpage. Graz University of Technology is a very low-rated university, #618 in US News Best Global Universities, which don't attract the most respectable people.
Even if the Meltdown and Spectre hackers were not foreign they still may be a domestic threat, and have Google connections. For example, one of the hackers, Mike Hamburg of Rambus Inc. in Sunnyvale California wrote in his www.ShiftLeft.org blog, in an entry titled "Joshua fit the battle of Jericho" on January 29, 2017:
"After one week of Trump, it is clearer than ever that Americans must stand against the incoming administration, and for what is right. But take heart: God's justice is so inevitable that, as long as we are standing with Him and against injustice, it is as though we have already won."
"God's justice" is usually violently fatal and in fact the entry title is a reference to such a story from the Bible's Old Testament, Joshua 6:1-27. It describes the Battle of Jericho where special weapons, horns and the Ark of the Covenant, were used to breach the walls of Jericho (analogy: Spectre breaching firewalls). After Jericho's wall fell Joshua followed God's command and killed every living thing in the city, except the harlot and her family who had helped Joshua's spies in Jericho. Joshua is also revered by Muslims as one of Moses's spies.
Additionally on Hamburg's blog his "about me" page shows a photo of him dressed in body armor: a helmet and a bulletproof tactical vest. Hamburg's blog is hosted on a server in his apartment (where it can be removed quickly and completely) and on his "privacy" page he talks about allowing others to use his server logs to "stalk people".
Hamburg used to work for Google.
Another of the Meltdown and Spectre hackers, Paul Kocher, also works at Rambus Inc., where Hamburg does.
An even more important domestic threat may be inherent in Google.
On less evidence than given here, there have been accusations and actions by the media and US Government against Russian interference in the last US election. Google in fact was questioned by Congress about letting Russian agents pretend they were Americans speaking out in the last election.
But Google had an inherent Russian influence from the start. One of the two founders of Google was Sergey Brin. He was born (Moscow) and raised in Soviet Russia until he was six, when he came to the United States. Most religions and ideologies know that if they can get to people when they are young, before age seven, they will have them as believers for life. Like Merkel, who was raised in East Germany, Brin probably inherently believes the Soviet Union is how government should be.
Brin was a big proponent of Google glasses (he is wearing them in his photo accompanying this article), which were a flop because so many people feared them as ubiquitous spying. George Orwell's 1984 and its Big Brother were based on the Soviet Union. Interestingly though, Google glasses are illegal in Russia today.
Again, there is an old saying that any security measure that depends on its secrecy is inherently insecure. Yet, all Edward Snowden did was make NSA security measures public (right before he fled to Russia). Google may be a far worse national security threat than Edward Snowden. The FBI (or higher DOJ) and DHS should investigate and make a case, The People Versus Google.