Ten-year investigation into whether commies used SciFi to put nation into bad mood
The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.
The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.
The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.
The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting “at this time.”)
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
Previous disclosures from the Snowden files have shown agencies in the Five Eyes alliance designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them. But methods used by the agencies to get the spyware onto phones in the first place have remained unclear.
The newly published document shows how the agencies wanted to “exploit” app store servers — using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.
I should note, upfront, that I’ve had the chance to meet FCC Commissioner Ajit Pai a couple of times, and always found him to be interesting and knowledgeable, as well as engaged on important issues. Yet, for whatever reason, when it comes to net neutrality issues, the former Verizon lawyer (clue number 1) seems to have gone off the deep end, tossed all logic and intellectual honesty out the window, in an effort to just lash out angrily with whatever he’s got. We’ve talked about his incoherent attack on Netflix and his sudden and newfound love of transparency (never noted before…).
But his latest move just strips whatever credibility he may have had on the subject completely away. He’s insisting that the FCC’s new net neutrality rules (which he opposes) will inspire North Korea and Iran to further control and censor the internet (which they already control and heavily censor). And he’s not arguing this in a “they hate us for our freedom” way, but he’s actively lying and claiming that this move — a move to guarantee openness and not censorship online — will give the North Korean and Iranian governments the political cover to censor the internet. Let’s be frank, Pai’s statements are complete nonsense.
“If in the United States we adopt regulations that assert more government control over how the Internet operates … it becomes a lot more difficult for us to go on the international stage and tell governments: ‘Look, we want you to keep your hands off the internet,’” he said.
“Even if the ideas aren’t completely identical, you can appreciate the optical difficult in trying to make that case,” he added.