SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
'Weaponizing Vulnerabilities': New Snowden Doc Reveals Spy Agencies Targeted Smartphones
The 'Five Eyes' alliance exploited weaknesses in popular browser and planned to hijack links to app stores to implant spyware on mobile phones, new documents show
May 21, 2015
The intelligence alliance known as Five Eyes--comprising the U.S., Canada, New Zealand, the United Kingdom, and Australia--exploited security weaknesses in one of the world's most popular browsers to obtain data about users and planned to use links to Google and Samsung app stores to infect smartphones with spyware, a top secret National Security Agency (NSA) document published Wednesday has revealed.
According to the 2012 document, leaked by whistleblower Edward Snowden and published jointly by CBC News and The Intercept, the NSA and its international counterparts took part in a series of workshops between November 2011 and February 2012 to find new ways to exploit smartphone technology for spying operations.
The Intercept reports:
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users' connections to app stores so that they would be able to send malicious "implants" to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
CBC continues:
The Five Eyes alliance targeted servers where smartphones get directed whenever users download or update an app from Google and Samsung stores.
...Ultimately, the spy agencies wanted to implant spyware on certain smartphones to take control of a person's device or extract data from it, the document suggests.
The spy agencies also sought to match their targets' smartphone devices to their online activities, using databases of emails, chats and browsing histories kept in the Five Eyes' powerful XKeyScore tool to help build profiles on the people they were tracking.
The project emerged in part due to concerns about the possibility of "another Arab spring," referring to the 2011 wave of revolutionary actions in Tunisia, Egypt, and other countries in the Middle East and North Africa where several autocratic, Western-backed leaders were ousted.
"Respecting agreements not to spy on each others' citizens, the spying partners focused their attention on servers in non-Five Eyes countries, the document suggests," write CBC's Amber Hildebrandt and Dave Seglins. "The agencies targeted mobile app servers in France, Switzerland, the Netherlands, Cuba, Morocco, the Bahamas and Russia."
The spy agencies also began targeting UC Browser--a popular app in India and China with growing usage in North America--in late 2011 after learning that it had leaked information about its half-billion users.
According to the reporting, the operation was launched by a joint surveillance unit called the Network Tradecraft Advancement Team, which includes spies from each of the Five Eyes nations.
The document frames the plan as a move for national security, with the agencies seeking to collect data or spy indefinitely on mobile phones of "suspected terrorists." But they did so without alerting the public or the phone companies of the browser's weaknesses, which "potentially put millions of users in danger of their data being accessed by other governments' agencies, hackers or criminals," Hildebrandt and Seglins write.
"Of course, the security agencies don't [disclose the information]," Ron Deibert, executive director of digital rights group Citizen Lab, which identified security gaps in UC Browser and alerted the company to those issues in April, told CBC. "Instead, they harbor the vulnerability. They essentially weaponize it."
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It's never been this bad out there. And it's never been this hard to keep us going. At the very moment Common Dreams is most needed, the threats we face are intensifying. We need your support now more than ever. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Will you donate now to make sure Common Dreams not only survives but thrives? —Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
The intelligence alliance known as Five Eyes--comprising the U.S., Canada, New Zealand, the United Kingdom, and Australia--exploited security weaknesses in one of the world's most popular browsers to obtain data about users and planned to use links to Google and Samsung app stores to infect smartphones with spyware, a top secret National Security Agency (NSA) document published Wednesday has revealed.
According to the 2012 document, leaked by whistleblower Edward Snowden and published jointly by CBC News and The Intercept, the NSA and its international counterparts took part in a series of workshops between November 2011 and February 2012 to find new ways to exploit smartphone technology for spying operations.
The Intercept reports:
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users' connections to app stores so that they would be able to send malicious "implants" to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
CBC continues:
The Five Eyes alliance targeted servers where smartphones get directed whenever users download or update an app from Google and Samsung stores.
...Ultimately, the spy agencies wanted to implant spyware on certain smartphones to take control of a person's device or extract data from it, the document suggests.
The spy agencies also sought to match their targets' smartphone devices to their online activities, using databases of emails, chats and browsing histories kept in the Five Eyes' powerful XKeyScore tool to help build profiles on the people they were tracking.
The project emerged in part due to concerns about the possibility of "another Arab spring," referring to the 2011 wave of revolutionary actions in Tunisia, Egypt, and other countries in the Middle East and North Africa where several autocratic, Western-backed leaders were ousted.
"Respecting agreements not to spy on each others' citizens, the spying partners focused their attention on servers in non-Five Eyes countries, the document suggests," write CBC's Amber Hildebrandt and Dave Seglins. "The agencies targeted mobile app servers in France, Switzerland, the Netherlands, Cuba, Morocco, the Bahamas and Russia."
The spy agencies also began targeting UC Browser--a popular app in India and China with growing usage in North America--in late 2011 after learning that it had leaked information about its half-billion users.
According to the reporting, the operation was launched by a joint surveillance unit called the Network Tradecraft Advancement Team, which includes spies from each of the Five Eyes nations.
The document frames the plan as a move for national security, with the agencies seeking to collect data or spy indefinitely on mobile phones of "suspected terrorists." But they did so without alerting the public or the phone companies of the browser's weaknesses, which "potentially put millions of users in danger of their data being accessed by other governments' agencies, hackers or criminals," Hildebrandt and Seglins write.
"Of course, the security agencies don't [disclose the information]," Ron Deibert, executive director of digital rights group Citizen Lab, which identified security gaps in UC Browser and alerted the company to those issues in April, told CBC. "Instead, they harbor the vulnerability. They essentially weaponize it."
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
The intelligence alliance known as Five Eyes--comprising the U.S., Canada, New Zealand, the United Kingdom, and Australia--exploited security weaknesses in one of the world's most popular browsers to obtain data about users and planned to use links to Google and Samsung app stores to infect smartphones with spyware, a top secret National Security Agency (NSA) document published Wednesday has revealed.
According to the 2012 document, leaked by whistleblower Edward Snowden and published jointly by CBC News and The Intercept, the NSA and its international counterparts took part in a series of workshops between November 2011 and February 2012 to find new ways to exploit smartphone technology for spying operations.
The Intercept reports:
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users' connections to app stores so that they would be able to send malicious "implants" to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
CBC continues:
The Five Eyes alliance targeted servers where smartphones get directed whenever users download or update an app from Google and Samsung stores.
...Ultimately, the spy agencies wanted to implant spyware on certain smartphones to take control of a person's device or extract data from it, the document suggests.
The spy agencies also sought to match their targets' smartphone devices to their online activities, using databases of emails, chats and browsing histories kept in the Five Eyes' powerful XKeyScore tool to help build profiles on the people they were tracking.
The project emerged in part due to concerns about the possibility of "another Arab spring," referring to the 2011 wave of revolutionary actions in Tunisia, Egypt, and other countries in the Middle East and North Africa where several autocratic, Western-backed leaders were ousted.
"Respecting agreements not to spy on each others' citizens, the spying partners focused their attention on servers in non-Five Eyes countries, the document suggests," write CBC's Amber Hildebrandt and Dave Seglins. "The agencies targeted mobile app servers in France, Switzerland, the Netherlands, Cuba, Morocco, the Bahamas and Russia."
The spy agencies also began targeting UC Browser--a popular app in India and China with growing usage in North America--in late 2011 after learning that it had leaked information about its half-billion users.
According to the reporting, the operation was launched by a joint surveillance unit called the Network Tradecraft Advancement Team, which includes spies from each of the Five Eyes nations.
The document frames the plan as a move for national security, with the agencies seeking to collect data or spy indefinitely on mobile phones of "suspected terrorists." But they did so without alerting the public or the phone companies of the browser's weaknesses, which "potentially put millions of users in danger of their data being accessed by other governments' agencies, hackers or criminals," Hildebrandt and Seglins write.
"Of course, the security agencies don't [disclose the information]," Ron Deibert, executive director of digital rights group Citizen Lab, which identified security gaps in UC Browser and alerted the company to those issues in April, told CBC. "Instead, they harbor the vulnerability. They essentially weaponize it."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.