Google sets up crack team to fight the NSA: 'Project Zero' will recruit top hackers to make internet more secure



Will look at everything from accidental flaws in code to major government snooping operations

Aims to make Google's services more secure, and make encryption easier for people to use

Google is setting up a crack team of hackers to protect internet users from government snooping and cyber attacks.

The firm says its 'project zero' will look at everything from accidental flaws in code, known as zero day bugs, to major government operations.

It also aims to make Google's own service more secure, and make encryption easier for people to use.

Google's 'project zero' will look at everything from accidental flaws in code to major government operations, and the search giant said users 'should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications.'

HOW IT WILL WORK 'Every bug we discover will be filed in an external database.

'We will only report bugs to the software's vendor—and no third parties.

'Once the bug report becomes public (typically once a patch is available), you'll be able to monitor vendor time-to-fix performance, see any discussion about exploitability, and view historical exploits and crash traces. 'We also commit to sending bug reports to vendors in as close to real-time as possible, and to working with them to get fixes to users in a reasonable time.' Source: Google

'You should be able to use the web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets or monitor your communications,' Google's Chris Evans, who is leading the project, said.



'Security is a top priority for Google.



'We've invested a lot in making our products secure, including strong SSL encryption by default for Search, Gmail and Drive, as well as encrypting data moving between our data centers.



'Beyond securing our own products, interested Googlers also spend some of their time on research that makes the Internet safer, leading to the discovery of bugs like Heartbleed.'

The success of that part-time research led the firm to set up Project Zero.

'In sophisticated attacks, we see the use of 'zero-day' vulnerabilities to target, for example, human rights activists or to conduct industrial espionage.'



So-called 'zero-day; exploits take advantage of unpatched flaws that programmers have not had time to fix.

There is a thriving black market for the exploits, which can often be sold for thousands of dollars.

Google says it is already hiring hackers for the project, and urged more to get in touch.

'This needs to stop. We think more can be done to tackle this problem.

'We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet.



Speaking to Wired, Evans said the project would also target malware downloaded via website.

'People deserve to use the internet without fear that vulnerabilities out there can ruin their privacy with a single website visit,

'We’re going to try to focus on the supply of these high value vulnerabilities and eliminate them.'