Alphabet’s security startup wants to offer history lessons

Ten years ago, Google was hacked by the Chinese military in one of the most startling cyberattacks on a U.S. company by government-affiliated agents.

This week, Chronicle, a security startup owned by Google’s parent company, Alphabet, plans to bring some of what it learned from that incident to other companies through a widely anticipated new product called Backstory.

The idea, company executives said, is simple: Backstory will make Alphabet’s vast storage, indexing and search abilities available to other companies, allowing them to search through giant volumes of data, going years back, to trace the backstory of a malicious attack.

Chronicle is hardly the only company doing this. Dozens of companies promise so-called big data threat intelligence and storage. But many of their customers can’t afford to pay to search through huge amounts of information.

Chronicle will charge customers by their number of employees. The hack on Google, called Operation Aurora, was historic for an unusual reason: It was the first time a Chinese government hacking victim confronted its attacker.

Inside the company, Sergey Brin, one of Google’s co-founders, made it his personal mission to make sure something like Aurora never happened again. Google, known for its motto “Don’t Be Evil,” had a new motto about its cybersecurity: “Never again.”

Google poached cyber experts from the National Security Agency and Silicon Valley. It built a threat analysis group on par with those at the top intelligence agencies and designed a new security infrastructure. It also created a new team, called Google Project Zero, to hunt for critical security flaws in technology outside Google.

“When the Chinese attacked in 2010, that was an entire wake-up call for us; our entire attitude changed,” said Eric Schmidt, a member of Alphabet’s board of directors who was chief executive of Google at the time of incident, in an interview.

Google turned the company’s storage, search and computational power into a security weapon of sorts. Whenever something malicious appeared on the internet, Google could search its entire network — years back — in minutes to see if it had ever touched its systems.

For many companies, that is a remarkably difficult task. The most popular services for storing that kind of security data are companies, like Splunk, that charge by the amount of data indexed.

Inside Alphabet’s X, the company’s “moonshot factory” where Chronicle got its start, are all sorts of futuristic gadgets, from electricity-generating kites to autonomous delivery drones. By comparison, what Chronicle is doing is notably practical.

Chronicle was founded by Mike Wiacek, who started Google’s threat analysis group after studying threats at the NSA, and Stephen Gillett, former chief information officer at Starbucks and chief operating officer at Symantec.

They first started discussing the company’s plans publicly more than a year ago, worrying startups doing similar work. But Wiacek and Gillett said they were interested in collaborating with other companies.

Wiacek said others inside Alphabet’s X headquarters often asked him what he was doing there. “This is a moon shot, I tell them,” he said. “Just because it has an air of practicality about it, and doesn’t sound like science fiction, makes it no less audacious.”