Published on Portside (https://portside.org)
NSA Planned to Hijack Google App Store to Hack Smartphones
Thursday, May 21, 2015
The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.
The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.
The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News  in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.
The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE  to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting “at this time.”)
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
Previous disclosures  from the Snowden files have shown agencies in the Five Eyes alliance designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them. But methods used by the agencies to get the spyware onto phones in the first place have remained unclear.
The newly published document shows how the agencies wanted to “exploit” app store servers — using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.
But the agencies wanted to do more than just use app stores as a launching pad to infect phones with spyware. They were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations that are used to spread propaganda or confuse adversaries. Moreover, the agencies wanted to gain access to companies’ app store servers so they could secretly use them for “harvesting” information about phone users.
The project was motivated in part by concerns about the possibility of “another Arab Spring,” which was sparked in Tunisia in December 2010 and later spread to countries across the Middle East and North Africa. Western governments and intelligence agencies were largely blindsided by those events, and the document detailing IRRITANT HORN suggests the spies wanted to be prepared to launch surveillance operations in the event of more unrest.
The agencies were particularly interested in the African region, focusing on Senegal, Sudan and the Congo. But the app stores targeted were located in a range of countries, including a Google app store server located in France and other companies’ app download servers in Cuba, Morocco, Switzerland, Bahamas, the Netherlands and Russia. (At the time, the Google app store was called the “Android Market”; it is now named Google Play .)
Another major outcome of the secret workshops was the agencies’ discovery of privacy vulnerabilities in UC Browser, a popular app used to browse the Internet across Asia, particularly in China and India. Though UC Browser is not well-known in Western countries, its massive Asian user base, a reported half billion people , means it is one of the most popular mobile Internet browsers in the world.
According to the top-secret document , the agencies discovered that the UC Browser app was leaking a gold mine of identifying information about its users’ phones. Some of the leaking information apparently helped the agencies uncover a communication channel linked to a foreign military unit believed to be plotting “covert activities” in Western countries. The discovery was celebrated by the spies as an “opportunity where potentially none may have existed before.”
Citizen Lab , a human rights and technology research group based at the University of Toronto, analyzed the Android version of the UC Browser app for CBC News and said it identified “major security and privacy issues” in its English and Chinese editions. The Citizen Lab researchers have authored their own detailed technical report  outlining the many ways the app has been leaking data, including some users’ search queries, SIM card numbers and unique device IDs that can be used to track people.
Citizen Lab alerted UC Browser to the security gaps in mid-April; the company says it has now fixed them by rolling out an update for the app. A spokesperson for UC Browser’s parent company, Chinese e-commerce giant the Alibaba Group , told CBC News in a statement that it took security “very seriously and we do everything possible to protect our users.” The spokesperson added that the company had found “no evidence that any user information has been taken” — though it is not likely that surveillance of the leaking data would have been detectable.
The case strikes at the heart of a debate about whether spy agencies are putting ordinary people at risk by secretly exploiting security flaws in popular software instead of reporting them so that they can be fixed.
According to Citizen Lab Director Ron Deibert, the UC Browser vulnerability not only exposed millions of the app’s users to surveillance carried out by any number of governments — but it could also have been exploited by criminal hackers to harvest personal data.
“Of course, the security agencies don’t [disclose the information],” Deibert said. “Instead, they harbor the vulnerability. They essentially weaponize it.” Taking advantage of weaknesses in apps like UC Browser “may make sense from a very narrow national security mindset,” Deibert added, “but it’s at the expense of the privacy and security of hundreds of millions of users worldwide.”
The revelations are the latest to highlight tactics adopted by the Five Eyes agencies in their efforts to hack computers and exploit software vulnerabilities for surveillance. Last year, The Intercept reported that the NSA has worked with its partners to dramatically increase the scope of its hacking attacks and use of “implants” to infect computers. In some cases, the agency was shown to have masqueraded as a Facebook server  in order to hack into computers.
The Intercept and CBC News contacted each of the Five Eyes agencies for comment on this story, but none would answer questions on record about any of the specific details.
A spokesperson for Canada’s Communications Security Establishment said that the agency was “mandated to collect foreign signals intelligence to protect Canada and Canadians from a variety of threats to our national security, including terrorism,” adding that it “does not direct its foreign signals intelligence activities at Canadians or anywhere in Canada.”
British agency Government Communications Headquarters said that its work was “carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate.”
Australia’s Signals Directorate said it was “long-standing practice” not to discuss intelligence matters and would not comment further.
New Zealand’s Government Communications Security Bureau said that it has “a foreign intelligence mandate” and that everything it does is “explicitly authorised and subject to independent oversight.”
The NSA had not responded to repeated requests for comment at time of publication.
Email the author: email@example.com . Follow  Ryan Gallagher.
Source URL: https://portside.org/2015-05-23/nsa-planned-hijack-google-app-store-hack-smartphones
- See more at: https://portside.org/print/node/8832#sthash.7Jfsae0B.dpufhttp://readersupportednews.org/opinion2/277-75/30313-focus-in-the-same-week-the-us-and-uk-hide-their-war-crimes-by-invoking-qnational-securityq
Greenwald writes: "For years, human rights groups have fought to obtain old documents, particularly a 37-year-old diplomatic cable, relating to British responsibility for Henderson's brutality in Bahrain."
An American soldier, his dog and a detainee at the Abu Ghraib prison in Iraq, 2003. (photo: Washington Post/Getty Images)
In the Same Week, the US and UK Hide Their War Crimes by Invoking "National Security"
By Glenn Greenwald, The Intercept
22 May 15
olonel Ian Henderson was a British official dubbed “the Butcher of Bahrain” because of atrocities he repeatedly committed during the 30 years he served as chief security official of that Middle Eastern country. His reign of terror began in 1966 when Bahrain was a British “protectorate” and continued when the post-“independence” Bahraini King retained him in the same position. In 1996, The Independent described him as “the most feared of all secret policemen” in Bahrain, and cited “consistent and compelling evidence that severe beatings and even sexual assaults have been carried out against prisoners under Henderson’s responsibility for well over a decade.”
A 2002 Guardian article reported that “during this time his men allegedly detained and tortured thousands of anti-government activists”; his official acts “included the ransacking of villages, sadistic sexual abuse and using power drills to maim prisoners”; and “on many occasions they are said to have detained children without informing their parents, only to return them months later in body bags.” Needless to say, Col. Henderson was never punished in any way: “although Scotland Yard launched an inquiry into the allegations in 2000, the investigation was dropped the following year.” He was showered with high honors from the U.K.-supported tyrants who ran Bahrain.
Prior to the massacres and rapes over which he presided in Bahrain, Henderson played a leading role in brutally suppressing the Mau Mau insurgency in another British colony, Kenya. In the wake of his Kenya atrocities, he twice won the George Medal, “the 2nd highest, to the George Cross, gallantry medal that a civilian can win.” His brutality against Kenyan insurgents fighting for independence is what led the U.K. government to put him in charge of internal security in Bahrain.
For years, human rights groups have fought to obtain old documents, particularly a 37-year-old diplomatic cable, relating to British responsibility for Henderson’s brutality in Bahrain. Ordinarily, documents more than 30 years old are disclosable, but the British government has fought every step of the way to conceal this cable.
But now, a governmental tribunal ruled largely in favor of the government and held that most of the diplomatic cable shall remain suppressed. The tribunal’s ruling was at least partially based on “secret evidence for the Foreign and Commonwealth Office (FCO) from a senior diplomat, Edward Oakden, who argued that Britain’s defence interests in Bahrain were of paramount importance”; specifically, “Mr Oakden implied that the release of such information could jeopardise Britain’s new military base in the country.”
The U.K. government loves to demonize others for supporting tyrants even as it snuggles up to virtually every despot in that region. Her Majesty’s Government has a particularly close relationship with Bahrain, where it is constructing a new naval base. The Kingdom is already home to the United States’ Fifth Fleet.
The tribunal’s rationale is that “full disclosure of the document would have ‘an adverse effect on relations’ with Bahrain, where the U.K. is keen to build further economic and defence ties.” In other words, disclosing these facts would make the British and/or the Bahrainis look bad, cause them embarrassment, and could make their close friendship more difficult to sustain. Therefore, the British and Bahraini populations must be denied access to the evidence of what their governments did.
This is the core mindset now prevalent in both the U.S. and U.K. for hiding their crimes from their own populations and then rest of the world: disclosure of what we did will embarrass and shame us, cause anger toward us, and thus harm our “national security.” As these governments endlessly highlight the bad acts of those who are adverse to them, they vigorously hide their own, thus propagandizing their publics into believing that only They — the Other Tribe Over There — commit such acts.
This is exactly the same mentality driving the Obama administration’s years-long effort to suppress photographs showing torture of detainees by the U.S. In 2009, Obama said he would comply with a court ruling that ordered those torture photos disclosed, but weeks after his announcement, reversed himself. Adopting the argument made by a group run by Bill Kristol and Liz Cheney against disclosure of the photos, Obama insisted that to release the photos “would be to further inflame anti-American opinion and to put our troops in danger.” Obama went further and announced his support for a bill sponsored by Lindsey Graham and Joe Lieberman to amend the Freedom of Information Act — a legislative accomplishment which Rep. Louise Slaughter told me at the time had long been “sacred” to Democrats — for no reason other than to exempt those torture photos from disclosure.
In March of this year, a U.S. judge who had long sided with the Obama DOJ in this matter reversed course. In a lawsuit brought in 2004 by the ACLU, the judge ordered the release of thousands of photos showing detainee abuse in Afghanistan and Iraq, including at Abu Ghraib. He ruled that the Obama DOJ could no longer show any national security harm that would justify ongoing suppression.
Rather than accepting the ruling and releasing the photos after hiding them for more than a decade, the U.S. Justice Department last week filed an emergency request for a stay of that ruling with the appeals court. The argument from The Most Transparent Administration Ever™:
Government document. (photo:The Intercept)
No healthy democracy can possibly function where this warped mindset prevails: we are entitled to hide anything we do that makes us look bad because making us look bad harms “national security,” and we are the ones who make that decision without challenge. As the ACLU’s Jameel Jaffer said:
To allow the government to suppress any image that might provoke someone, somewhere, to violence would be to give the government sweeping power to suppress evidence of its own agents’ misconduct. Giving the government that kind of censorial power would have implications far beyond this specific context.
But even more threatening than the menace to democracy is the propagandzied public this mentality guarantees. A government that is able to hide its own atrocities on “national security” grounds will be one whose public endlessly focuses on the crimes of others while remaining blissfully unaware of one’s own nation. That is an excellent description of much of the American and British public, and as good an explanation as any why much of their public discourse consists of little more than proclamations that Our Side is Better despite the decades of brutality, aggression and militarism their own side has perpetrated.
© 2015 Reader Supported News
Donations can be sent to the Baltimore Nonviolence Center, 325 E. 25th St., Baltimore, MD 21218. Ph: 410-366-1637; Email: mobuszewski [at] verizon.net. Go to http://baltimorenonviolencecenter.blogspot.com/
"The master class has always declared the wars; the subject class has always fought the battles. The master class has had all to gain and nothing to lose, while the subject class has had nothing to gain and everything to lose--especially their lives." Eugene Victor Debs