General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsNSA Planned to Hijack Google App Store to Hack Smartphones
http://readersupportednews.org/news-section2/318-66/30302-nsa-planned-to-hijack-google-app-store-to-hack-smartphonesThe surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the Five Eyes alliance the United States, Canada, the United Kingdom, New Zealand and Australia.
The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.
The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting at this time.)
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users connections to app stores so that they would be able to send malicious implants to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
Previous disclosures from the Snowden files have shown agencies in the Five Eyes alliance designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them. But methods used by the agencies to get the spyware onto phones in the first place have remained unclear.
The newly published document shows how the agencies wanted to exploit app store servers using them to launch so-called man-in-the-middle attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.
hootinholler
(26,449 posts)The NSA is our friend! They're keeping us safe!
randome
(34,845 posts)The first question that comes to mind is: were these contemplated techniques designed to use against legitimate targets? Too bad the article doesn't even pose the question.
"Wanted to exploit". Wow. They are actually looking at ways to use technology to catch bad guys. What a bunch of fascists. Now if anyone has evidence they are actively using this technology to endanger ordinary users or they are deliberately using it on our own citizens, now would be the time to point that out.
[hr][font color="blue"][center]The truth doesnt always set you free.
Sometimes it builds a bigger cage around the one youre already in.[/center][/font][hr]
eridani
(51,907 posts)No warrants, no legitimate targets. That's how our Constitution says things are supposed to work. I'm sure you'd be thrilled with Jeb Bush pulling the same crap.
FlatBaroque
(3,160 posts)protects me and makes me feel cozy and safe.
I am so glad that in the Obama administration one can lie to congress and not suffer any consequences. Thanks, O!