Published on Portside (https://portside.org)
NSA Planned to Hijack Google App Store to Hack Smartphones
https://firstlook.org/theintercept/2015/05/21/nsa-five-eyes-google-samsung-app-stores-spyware/
Ryan Gallagher
Thursday, May 21, 2015
The Intercept
The surveillance project was launched by a joint
electronic eavesdropping unit called the Network Tradecraft Advancement Team,
which includes spies from each of the countries in the “Five Eyes” alliance —
the United States, Canada, the United Kingdom, New Zealand and Australia.
The top-secret document, obtained from NSA whistleblower
Edward Snowden, was published Wednesday by CBC News [1] in collaboration with
The Intercept. The document outlines a series of tactics that the NSA and its
counterparts in the Five Eyes were working on during workshops held in Australia
and Canada between November 2011 and February 2012.
The main purpose of the workshops was to find new ways to
exploit smartphone technology for surveillance. The agencies used the Internet
spying system XKEYSCORE [2] to identify smartphone traffic flowing across
Internet cables and then to track down smartphone connections to app
marketplace servers operated by Samsung and Google. (Google declined to comment
for this story. Samsung said it would not be commenting “at this time.”)
As part of a pilot project codenamed IRRITANT HORN, the
agencies were developing a method to hack and hijack phone users’ connections
to app stores so that they would be able to send malicious “implants” to
targeted devices. The implants could then be used to collect data from the phones
without their users noticing.
Previous disclosures [3] from the Snowden files have
shown agencies in the Five Eyes alliance designed spyware for iPhones and
Android smartphones, enabling them to infect targeted phones and grab emails,
texts, web history, call records, videos, photos and other files stored on
them. But methods used by the agencies to get the spyware onto phones in the
first place have remained unclear.
The newly published document shows how the agencies
wanted to “exploit” app store servers — using them to launch so-called
“man-in-the-middle” attacks to infect phones with the implants. A
man-in-the-middle attack is a technique in which hackers place themselves
between computers as they are communicating with each other; it is a tactic sometimes
used by criminal hackers to defraud people. In this instance, the method would
have allowed the surveillance agencies to modify the content of data packets
passing between targeted smartphones and the app servers while an app was being
downloaded or updated, inserting spyware that would be covertly sent to the
phones.
But the agencies wanted to do more than just use app
stores as a launching pad to infect phones with spyware. They were also keen to
find ways to hijack them as a way of sending “selective misinformation to the
targets’ handsets” as part of so-called “effects” operations that are used to
spread propaganda or confuse adversaries. Moreover, the agencies wanted to gain
access to companies’ app store servers so they could secretly use them for
“harvesting” information about phone users.
The project was motivated in part by concerns about the
possibility of “another Arab Spring,” which was sparked in Tunisia in December
2010 and later spread to countries across the Middle East and North Africa.
Western governments and intelligence agencies were largely blindsided by those
events, and the document detailing IRRITANT HORN suggests the spies wanted to
be prepared to launch surveillance operations in the event of more unrest.
The agencies were particularly interested in the African
region, focusing on Senegal, Sudan and the Congo. But the app stores targeted
were located in a range of countries, including a Google app store server
located in France and other companies’ app download servers in Cuba, Morocco,
Switzerland, Bahamas, the Netherlands and Russia. (At the time, the Google app
store was called the “Android Market”; it is now named Google Play [4].)
Another major outcome of the secret workshops was the
agencies’ discovery of privacy vulnerabilities in UC Browser, a popular app
used to browse the Internet across Asia, particularly in China and India.
Though UC Browser is not well-known in Western countries, its massive Asian
user base, a reported half billion people [5], means it is one of the most
popular mobile Internet browsers in the world.
According to the top-secret document [6], the agencies
discovered that the UC Browser app was leaking a gold mine of identifying
information about its users’ phones. Some of the leaking information apparently
helped the agencies uncover a communication channel linked to a foreign
military unit believed to be plotting “covert activities” in Western countries.
The discovery was celebrated by the spies as an “opportunity where potentially
none may have existed before.”
Citizen Lab [7], a human rights and technology research
group based at the University of Toronto, analyzed the Android version of the
UC Browser app for CBC News and said it identified “major security and privacy
issues” in its English and Chinese editions. The Citizen Lab researchers have
authored their own detailed technical report [8] outlining the many ways the
app has been leaking data, including some users’ search queries, SIM card
numbers and unique device IDs that can be used to track people.
Citizen Lab alerted UC Browser to the security gaps in
mid-April; the company says it has now fixed them by rolling out an update for
the app. A spokesperson for UC Browser’s parent company, Chinese e-commerce
giant the Alibaba Group [9], told CBC News in a statement that it took security
“very seriously and we do everything possible to protect our users.” The
spokesperson added that the company had found “no evidence that any user
information has been taken” — though it is not likely that surveillance of the
leaking data would have been detectable.
The case strikes at the heart of a debate about whether
spy agencies are putting ordinary people at risk by secretly exploiting
security flaws in popular software instead of reporting them so that they can
be fixed.
According to Citizen Lab Director Ron Deibert, the UC
Browser vulnerability not only exposed millions of the app’s users to
surveillance carried out by any number of governments — but it could also have
been exploited by criminal hackers to harvest personal data.
“Of course, the security agencies don’t [disclose the
information],” Deibert said. “Instead, they harbor the vulnerability. They
essentially weaponize it.” Taking advantage of weaknesses in apps like UC
Browser “may make sense from a very narrow national security mindset,” Deibert
added, “but it’s at the expense of the privacy and security of hundreds of
millions of users worldwide.”
The revelations are the latest to highlight tactics
adopted by the Five Eyes agencies in their efforts to hack computers and
exploit software vulnerabilities for surveillance. Last year, The Intercept
reported that the NSA has worked with its partners to dramatically increase the
scope of its hacking attacks and use of “implants” to infect computers. In some
cases, the agency was shown to have masqueraded as a Facebook server [10] in
order to hack into computers.
The Intercept and CBC News contacted each of the Five
Eyes agencies for comment on this story, but none would answer questions on
record about any of the specific details.
A spokesperson for Canada’s Communications Security
Establishment said that the agency was “mandated to collect foreign signals intelligence
to protect Canada and Canadians from a variety of threats to our national
security, including terrorism,” adding that it “does not direct its foreign
signals intelligence activities at Canadians or anywhere in Canada.”
British agency Government Communications Headquarters
said that its work was “carried out in accordance with a strict legal and
policy framework, which ensures that our activities are authorised, necessary
and proportionate.”
Australia’s Signals Directorate said it was “long-standing
practice” not to discuss intelligence matters and would not comment further.
New Zealand’s Government Communications Security Bureau
said that it has “a foreign intelligence mandate” and that everything it does
is “explicitly authorised and subject to independent oversight.”
The NSA had not responded to repeated requests for
comment at time of publication.
Email the author: ryan.gallagher@theintercept.com [11].
Follow [12] Ryan Gallagher.
Source URL:
https://portside.org/2015-05-23/nsa-planned-hijack-google-app-store-hack-smartphones
Links:
[1] http://www.cbc.ca/news/canada/spy-agencies-target-mobile-phones-app-stores-to-implant-spyware-1.3076546
[2] http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data
[3] http://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data
[4] https://play.google.com/store?hl=en
[5] http://gadgets.ndtv.com/apps/news/uc-browser-claims-to-have-crossed-500-million-global-users-milestone-498531
[6] https://www.documentcloud.org/documents/2083944-uc-web-report-final-for-dc.html
[7] https://citizenlab.org/
[8] https://citizenlab.org/2015/05/a-chatty-squirrel-privacy-and-security-issues-with-uc-browser
[9] http://www.alibabagroup.com/en/global/home
[10] https://firstlook.org/theintercept/2014/03/17/nsa-secretly-masqueraded-facebook-hack-computers-surveillance/
[11] http://ryan.gallagher@theintercept.com
[12] https://twitter.com/@rj_gallagher
http://readersupportednews.org/opinion2/277-75/30313-focus-in-the-same-week-the-us-and-uk-hide-their-war-crimes-by-invoking-qnational-securityq
Greenwald writes: "For years, human rights groups
have fought to obtain old documents, particularly a 37-year-old diplomatic cable,
relating to British responsibility for Henderson's brutality in Bahrain."
An American soldier, his dog and a detainee at the Abu
Ghraib prison in Iraq, 2003. (photo: Washington Post/Getty Images)
In the Same Week, the US and UK Hide Their War Crimes by
Invoking "National Security"
By Glenn Greenwald, The Intercept
22 May 15
Colonel Ian Henderson was a British official dubbed “the
Butcher of Bahrain” because of atrocities he repeatedly committed during
the 30 years he served as chief security official of that Middle Eastern
country. His reign of terror began in 1966 when Bahrain was a British
“protectorate” and continued when the post-“independence” Bahraini King
retained him in the same position. In 1996, The Independent described
him as “the most feared of all secret policemen” in Bahrain, and cited
“consistent and compelling evidence that severe beatings and even sexual
assaults have been carried out against prisoners under Henderson’s
responsibility for well over a decade.”
A 2002 Guardian article reported that “during
this time his men allegedly detained and tortured thousands of anti-government
activists”; his official acts “included the ransacking of villages, sadistic
sexual abuse and using power drills to maim prisoners”; and “on many occasions
they are said to have detained children without informing their parents, only to
return them months later in body bags.” Needless to say, Col. Henderson was
never punished in any way: “although Scotland Yard launched an inquiry into the
allegations in 2000, the investigation was dropped the following year.” He was
showered with high honors from the U.K.-supported tyrants who ran Bahrain.
Prior to the massacres and rapes over which he presided
in Bahrain, Henderson played a leading role in brutally suppressing the Mau Mau
insurgency in another British colony, Kenya. In the wake of his
Kenya atrocities, he twice won the George Medal, “the 2nd highest, to the
George Cross, gallantry medal that a civilian can win.” His brutality against
Kenyan insurgents fighting for independence is what led the U.K. government to
put him in charge of internal security in Bahrain.
For years, human rights groups have fought to obtain
old documents, particularly a 37-year-old diplomatic cable, relating
to British responsibility for Henderson’s brutality in Bahrain.
Ordinarily, documents more than 30 years old are disclosable, but the
British government has fought every step of the way to conceal this cable.
But now, a governmental tribunal ruled largely in
favor of the government and held that most of the diplomatic
cable shall remain suppressed. The tribunal’s ruling was at
least partially based on “secret evidence for the Foreign and Commonwealth
Office (FCO) from a senior diplomat, Edward Oakden, who argued that Britain’s
defence interests in Bahrain were of paramount importance”; specifically, “Mr Oakden
implied that the release of such information could jeopardise Britain’s new
military base in the country.”
The U.K. government loves to demonize others for
supporting tyrants even as it snuggles up to virtually every despot in that
region. Her Majesty’s Government has a particularly close relationship
with Bahrain, where it is constructing a new naval base. The Kingdom is already
home to the United States’ Fifth Fleet.
The tribunal’s rationale is that “full disclosure of the
document would have ‘an adverse effect on relations’ with Bahrain, where the
U.K. is keen to build further economic and defence ties.” In other words,
disclosing these facts would make the British and/or the Bahrainis look
bad, cause them embarrassment, and could make their close friendship more
difficult to sustain. Therefore, the British and Bahraini populations must be
denied access to the evidence of what their governments did.
This is the core mindset now prevalent in both the U.S.
and U.K. for hiding their crimes from their own populations and the
rest of the world: disclosure of what we did will embarrass and shame us, cause
anger toward us, and thus harm our “national security.” As these
governments endlessly highlight the bad acts of those who are adverse to
them, they vigorously hide their own, thus propagandizing their publics into
believing that only They — the Other Tribe Over There — commit such acts.
This is exactly the same mentality driving the Obama
administration’s years-long effort to suppress photographs showing torture of
detainees by the U.S. In 2009, Obama said he would comply with a court ruling
that ordered those torture photos disclosed, but weeks after his
announcement, reversed himself. Adopting the argument made by a group run by
Bill Kristol and Liz Cheney against disclosure of the photos, Obama insisted
that to release the photos “would be to further inflame anti-American
opinion and to put our troops in danger.” Obama went further and announced
his support for a bill sponsored by Lindsey Graham and Joe Lieberman to amend
the Freedom of Information Act — a legislative accomplishment which Rep. Louise
Slaughter told me at the time had long been “sacred” to Democrats — for no
reason other than to exempt those torture photos from disclosure.
In March of this year, a U.S. judge who had long sided
with the Obama DOJ in this matter reversed course. In a lawsuit brought in
2004 by the ACLU, the judge ordered the release of thousands of
photos showing detainee abuse in Afghanistan and Iraq, including at Abu Ghraib.
He ruled that the Obama DOJ could no longer show any national security harm
that would justify ongoing suppression.
Rather than accepting the ruling and releasing the photos
after hiding them for more than a decade, the U.S. Justice Department last
week filed an emergency request for a stay of that ruling with the appeals
court. The argument from The Most Transparent Administration Ever™:
Government document. (photo: The Intercept)
No healthy democracy can possibly function where this
warped mindset prevails: we are entitled to hide anything we do that makes us
look bad because making us look bad harms “national security,” and we are the
ones who make that decision without challenge. As the ACLU’s Jameel Jaffer
said:
To allow the government to suppress any image that might
provoke someone, somewhere, to violence would be to give the government
sweeping power to suppress evidence of its own agents’ misconduct. Giving the
government that kind of censorial power would have implications far beyond this
specific context.
But even more threatening than the menace to democracy is
the propagandized public this mentality guarantees. A government that is able
to hide its own atrocities on “national security” grounds will be one whose
public endlessly focuses on the crimes of others while remaining blissfully
unaware of one’s own nation. That is an excellent description of much of the
American and British public, and as good an explanation as any why much of
their public discourse consists of little more than proclamations that Our Side
is Better despite the decades of brutality, aggression and militarism their own
side has perpetrated.
© 2015 Reader Supported News