Google has announced it has formed a team composed of Internet security professionals and experts to handle unknown bugs on the Internet that may be used to commit widespread cyberattacks. The initiative is basically a digital vaccine for the Internet, preemptively fixing security flaws before it even becomes a problem.
The program's objective is to find zero day vulnerabilities, which are basically bugs in computer software that have not yet been discovered by hackers. Zero day vulnerabilities are not only used by criminals looking to turn a profit from credit card information. Intelligence agencies have also been known to use security flaws in software to conduct surveillance. In fact, the NSA was said to have known about the one of the biggest security flaws in history, the Heartbleed Bug, for about two years before it was discovered.
The group, called Project Zero, is made up of researchers who have a reputation for being prolific software bug hunters. According to initial reports, the team includes hackers such as Ben Hawkes, Tavis Ormandy and George Hotz. Just last year, Hawkes managed to find dozens of vulnerabilities in Microsoft Office and Adobe Flash. Ormandy, on the other hand, is considered one of the world's foremost software bug hunters. Recently, he even exposed anti-virus software that have security holes. Hotz, who is described as a hacker prodigy, was once sued by Sony for reverse engineering the Playstation 3. He also holds the distinction of being the first hacker to compromise the lock on AT&T iPhones in 2007. Earlier this year, he received a $150,000 reward from Google for finding workarounds to the Chrome operating system's security protocols.
In a blog post, Chris Evans, who is in charge of security for the Google Chrome browser, said that the formation of the Project Zero team is due to the success of part-time researchers who discovered the Heartbleed Bug.
"You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications... This needs to stop," Evans said.
Project Zero hackers won't be working exclusively on Google services. They have been tasked with finding flaws in all softwares and apps. The program is meant to improve on Google's existing bug bounty program, which offers rewards that range from $100 to $20,000.