Google Manager of Information Security Heather Adkins said that she sees the United States National Security Agency as a general security threat while speaking at TechCrunch Disrupt SF 2017 on Monday. Ms. Adkins was asked whether she would label the NSA as a “state-sponsored threat” in the same vein that the likes of Russia and China are viewed, to which she responded positively. Google’s security chief suggested that the NSA itself isn’t a security threat so much as the software tools and techniques it develops are, likely referencing an April incident which saw a range of hacking tools supposedly created by the federal agency being leaked online. That same software was reportedly later used for enabling a global ransomware attack known as “WannaCry” which infected numerous computers around the planet and compromised a broad range of systems, including some that are critical in nature like hospital software.
Ms. Adkins on Monday also confirmed that she worries about the NSA as much as she does about other organizations which could employ identical tools and techniques, noting how even “a Mexican cartel” could target Google’s customers by relying on the same means of hacking. Due to that state of affairs, no single actor, program, or technique is as dangerous as the possibility of an efficient hacking tool being disseminated among malicious individuals and entities, Ms. Adkings suggested. The WannaCry attack was never linked to the NSA beyond a reasonable doubt, with some security experts previously associating the ransomware with Russia and the NSA itself tracking its creation to North Korea.
During the same event, Ms. Adkins said that no single company can entirely avoid the possibility of getting hacked, thus stressing the importance of having a viable emergency strategy, i.e. being able to respond to a successful hacking attack in a timely manner. The Alphabet-owned company was last hacked in 2009 as part of Operation Aurora, a series of sophisticated attacks conducted by actors from China who used the same techniques to target several other tech companies like Yahoo and Adobe Systems. The attacks resulted in a theft of some of Google’s intellectual property and are also believed to have been aimed at a number of Chinese dissidents.