NSA planned to hijack Google Play and place spyware on Android phones
by: Daniel Barker | Saturday, May 30, 2015
(NaturalNews) We already know a lot about the illegal and unconstitutional National Security Agency (NSA) spy programs, thanks in great part to Edward Snowden’s efforts, but now there is proof of activities on the part of the agency that go beyond what anyone imagined the NSA would ever contemplate.
It has been revealed that the now notorious (but still in operation) spy agency had plans to hijack app stores with the aim of infecting smartphones with spyware. The complicated high-tech methods for doing so would also have given the NSA the ability to send disinformation to the infected phones, which apparently would be done in order to disrupt the actions of protesters and other citizen movements the agency deemed a threat.
These new details of the agency’s program — codenamed Irritant Horn — were revealed in a report published by Canada’s CBC and Glen Greenwald’s The Intercept news site.
A top secret document provided by former NSA insider-turned-whistleblower Edward Snowden contained the details of the plan. The document was in the form of a PowerPoint presentation used in a series of workshops conducted for the benefit of the «Five Eyes» network, an alliance of snooping agencies from U.S., the U.K., Canada, Australia and New Zealand.
From The Intercept:
The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting «at this time.»)
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious «implants» to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
Documents released by Snowden had already indicated that the Five Eyes alliance had developed spyware designed to be installed on iPhones and Android devices that was capable of retrieving «emails, texts, web history, call records, videos, photos and other files,» but the methods to be used for infecting the phones were unclear until now.
The agencies planned to use so-called «man-in-the-middle» attacks — a technique often used by cyber-criminals — to secretly insert spyware into the data packets of apps being downloaded by smartphone users.
The Five Eyes agencies were also interested in hijacking the app stores to be able to send «selective misinformation» and propaganda to targeted phones, particularly in Middle Eastern and African countries where movements similar to Arab Spring were feared by the alliance.
Another goal of the alliance was to hack into app store servers to harvest information about smartphone users.
One of the most egregious abuses of authority on the part of the alliance is the fact that it sought to exploit security flaws in commonly-used software for its own ends rather than reporting the vulnerabilities so that they could be repaired.
An example of this was the alliance’s efforts to take advantage of privacy vulnerabilities in the popular app called UCBrowser, which is used by a reported half billion people, making it one of the most widely used mobile internet browsers in the world.
«Of course, the security agencies don’t [disclose the information],» said Citizen Lab Director Ron Deibert. «Instead, they harbor the vulnerability. They essentially weaponize it.»
These latest revelations regarding the NSA and the Five Eyes alliance clearly show the lengths these agencies are willing to go to pursue their snooping and meddling agendas.
The question is: are we willing to allow them to continue to do so?
Sources: