Professional Documents
Culture Documents
Article
Article
The Keyword
Stefan Friedli
S Google Red Team
OK
Google serves cookies to analyze traffic to this site. Information about your use of our site is shared with Google
for that purpose. See details.
https://blog.google/technology/safety-security/meet-the-team-responsible-for-hacking-google/ 1/4
9/15/22, 6:02 PM Meet the team responsible for hacking Google
Creating safe and secure products for everyone is the top priority for Google's security
The
teams. WeKeyword
work across the globe to keep up with current threats, improve security
controls, conduct attack detection/prevention, and eliminate entire classes of
vulnerabilities by driving new and better frameworks. Our teams also actively monitor
adversaries, making sure we have all the intelligence to be prepared for malicious activity
and targeted campaigns against our Googlers or the people who use our services daily.
Today, we would like to shine a spotlight on one security team at Google — the Red Team
— that supports all of these efforts in a way that might initially seem counterintuitive: by
hacking Google.
The term “Red Team” came from the military, and described activities where a designated
team would play an adversarial role (the “Red Team”) against the “home” team, who
would seek to adapt to the Red Team’s activities and counteract them. Over the years,
these terms have found their way into the information security (InfoSec) space.
Google’s Red Team is a team of hackers that simulate a variety of adversaries, ranging
from nation states and well-known Advanced Persistent Threat (APT) groups to
hacktivists, individual criminals or even malicious insiders. Whatever actor is simulated,
we will mimic their strategies, motives, goals, and even their tools of choice — placing
ourselves inside the minds of hackers targeting Google.
Collaborative adversity
https://blog.google/technology/safety-security/meet-the-team-responsible-for-hacking-google/ 2/4
9/15/22, 6:02 PM Meet the team responsible for hacking Google
While Red Team exercises conducted at Google simulate an actor that is in most cases
The
hostile Keyword
and/or disruptive, there is a very clear distinction between the simulated threat
and the engineers that play their role. While the threat actor seeks to reach their
nefarious goals, Red Team engineers are Googlers that keep people’s safety in mind.
There is very close collaboration between the team simulating the attackers and the
teams acting as defenders (e.g., Threat Analysis Group (TAG) and Detection/Response
teams), who might identify suspicious activities and respond to them. Since there are
multiple exercises happening at any given time, we differentiate between several types of
exercises and the response after detection. For most exercises, one of our primary goals
is to test detection and make it as efficient as possible for defenders to verify that a
signal is associated with an exercise. By doing this, we avoid using resources that could
be used to thwart malicious activities targeting people using our services or our wider
infrastructure. In other exercises, we want to make sure that the entire process of
identifying, isolating and ejecting the attackers, works as intended and that we are able to
improve processes.
Safety First
Given the sensitive nature of the work the Red Team does, safety protocols are key and
all exercises are overseen by senior engineers. Making sure an exercise is conducted in a
safe and responsible manner is as important as any other goal the team is trying to
achieve. This may mean forgoing realistic simulation in favor of spending more time on
making sure each action is documented, no sensitive data is accessed without proper
oversight, and that laws and regulations are obeyed — which is traditionally not
something that APT groups are overly concerned about. For the Red Team, accurately
simulating the technical capabilities of highly advanced threat actors in a safe and
responsible way is core to their mission.
OKFor exercises focusing on detection, actions taken by the team are accessible at any time
by the defenders to ensure that we can quickly rule out an external actor acting
maliciously. Even if this does not become a necessity, the team will report their activities
in detail to address any new findings discovered during the exercise.
Fostering change
In addition to testing and helping improve detection and response capabilities, we also
actively
Google serves research
cookies and identify
to analyze traffic tonew
thisattack vectors based
site. Information onyour
about adversarial research.
use of our It is with Google
site is shared
criticalSee
for that purpose. to the Red Team's mission to ensure that any newfound attack surface is shared
details.
with both the responsible product teams and the larger security team as soon as
possible so that Google can adapt defensive controls and implement improvements to
remediate the root cause.
https://blog.google/technology/safety-security/meet-the-team-responsible-for-hacking-google/ 3/4
9/15/22, 6:02 PM Meet the team responsible for hacking Google
Since its inception over a decade ago, the Red Team has adapted to a constantly evolving
threatThe Keyword
landscape and been a reliable sparring partner for defense teams across Google.
Yet, new challenges await every day and the Red Team continually works to make the job
– the job of hacking Google – harder. It’s a challenge we happily accept to keep people
safe.
POSTED IN:
Life At Google
Related stories
OK
MY PATH TO GOOGLE LIFE AT GOOGLE
https://blog.google/technology/safety-security/meet-the-team-responsible-for-hacking-google/ 4/4