According to new leaks from former NSA contractor Edward Snowden and followed by The Intercept and CBC, the NSA planned to hijack Android apps powered by Google Play Store by installing spyware.
This piece of information is just another link in the long chain of no longer surprising actions from the NSA.
According to the leak, the NSA along with intelligence agencies from the UK, Canada, New Zealand and Australia plotted to install spyware on Android smartphones making use of the data links to app stores held by Samsung and Google.
The super intelligence agencies are part of the Five Eyes alliance. It seems that the malicious program was developed in response to the Arab Spring and furthered its target to a select group of countries located in Africa. Among them, Tunisia, Senegal, Sudan, Congo feature as star targets of the Five Eyes as unrest is part of their common day history.
Note that France, Switzerland, Russia, Cuba, the Bahamas and the Netherlands also featured on the list of potential target of the spyware program.
In their effort, the NSA and other four intelligence services designed a surveillance unit titled the Network Tradecraft Advancement Team and organized constant workshops in the period covering November 2011 to February 2012 on how to improve the capabilities of the program for information-gathering.
The project’s name was Irritant Horn. What it was meant to do was to analyze how traffic moves across the internet cables between the smartphone and the Google’s servers, as well as Samsung’s. The system that was to be used by the Five Eyes to track the data from smartphones to app marketplaces is called XkeySource.
Somewhere along the line the intelligence agencies would plant spyware that would inconspicuously transmit data back to them, without the smartphone or app user ever knowing a thing.
Anything that could be transmitted via the legit installed apps, would do. Call records, videos, photos, web history, documents, and text messages. The whole process would have been powered by so called ‚man-in-the-middle’ attacks.
These entail a criminal hacker’s approach for fraud. These hackers, when found, are legally responsible. Intelligence agencies are accountable to nobody. The hacker tracks the link between two devices and the transfer and waits in between, analyzing data packets. Those of interest are extracted and fraud ensues.
This new evidence into how intelligence agencies such as the NSA are treating users and their data should prompt more reaction from the governments involved.
Only this week in the U.S. an open letter was sent to President Obama to urge him to not give way to any request that might allow governmental agencies such as the NSA or the Pentagon to enforce law that require tech companies to purposefully weaken their encryption.
Neither the officials of the intelligence agencies that make up the Five Eyes, nor Google or Samsung officials have made any statement in connection to the leaked document.
Image Source: wired.com