New Snowden doc: NSA targeted mobile phones, app stores

posted at 4:01 pm on May 21, 2015 by Ed Morrissey

The Intercept and the CBC combined on a new report today from the Snowden cache of purloined documents that reveals the efforts by the US and its allies to penetrate cell phones and mobile devices. Not only were intelligence agencies hoping to cull new information, they also hoped to use the program to plant misinformation. But does this merit a new round of outrage directed at the NSA, or at Snowden?

Canada and its spying partners exploited weaknesses in one of the world’s most popular mobile browsers and planned to hack into smartphones via links to Google and Samsung app stores, a top secret document obtained by CBC News shows.

Electronic intelligence agencies began targeting UC Browser — a massively popular app in China and India with growing use in North America — in late 2011 after discovering it leaked revealing details about its half-billion users.

Their goal, in tapping into UC Browser and also looking for larger app store vulnerabilities, was to collect data on suspected terrorists and other intelligence targets — and, in some cases, implant spyware on targeted smartphones.

The 2012 document shows that the surveillance agencies exploited the weaknesses in certain mobile apps in pursuit of their national security interests, but it appears they didn’t alert the companies or the public to these weaknesses. That potentially put millions of users in danger of their data being accessed by other governments’ agencies, hackers or criminals.

The program’s name was “IRRITANT HORN,” a rather amusing code name given the nature of the Snowden revelations to the NSA for the past two years. The NSA and its “Five Eyes” partners in Canada, Australia, the UK, and New Zealand penetrated the app stores for these devices. That allowed them to have permanent connections to those devices that connected to it, and to deliver spyware for data collection and dissemination. But from whom, and to where?

But the agencies wanted to do more than just use app stores as a launching pad to infect phones with spyware. They were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations that are used to spread propaganda or confuse adversaries. Moreover, the agencies wanted to gain access to companies’ app store servers so they could secretly use them for “harvesting” information about phone users.

The project was motivated in part by concerns about the possibility of “another Arab Spring,” which was sparked in Tunisia in December 2010 and later spread to countries across the Middle East and North Africa. Western governments and intelligence agencies were largely blindsided by those events, and the document detailing IRRITANT HORN suggests the spies wanted to be prepared to launch surveillance operations in the event of more unrest.

The agencies were particularly interested in the African region, focusing on Senegal, Sudan and the Congo. But the app stores targeted were located in a range of countries, including a Google app store server located in France and other companies’ app download servers in Cuba, Morocco, Switzerland, Bahamas, the Netherlands and Russia. (At the time, the Google app store was called the “Android Market”; it is now named Google Play.)

The project seemed to be effective, too:

According to the top-secret document, the agencies discovered that the UC Browser app was leaking a gold mine of identifying information about its users’ phones. Some of the leaking information apparently helped the agencies uncover a communication channel linked to a foreign military unit believed to be plotting “covert activities” in Western countries. The discovery was celebrated by the spies as an “opportunity where potentially none may have existed before.”

This is where the issue gets murky. If the NSA and the other agencies conducted surveillance and covert operations on foreign users of these systems, then they didn’t do anything illegal in the US or their other countries. The Intercept’s Ryan Gallagher tries to make the issue less about legality and more about tech ethics:

The case strikes at the heart of a debate about whether spy agencies are putting ordinary people at risk by secretly exploiting security flaws in popular software instead of reporting them so that they can be fixed.

There’s an actual debate about this? That’s the issue driving this disclosure? Yes, criminal hackers can exploit these weaknesses, and some intel agencies actually defend against industrial espionage for that reason. However, the mission of US intelligence is national security, not improving the quality of private-sector tech products. The main mission is to keep ordinary people from the risk of attack — these days, more by terrorists than other nations — and they exploit lots of vulnerabilities to accomplish that, not just in tech.

This is another example where the Snowden exposure has crossed the line from whistleblowing to nihilism for nihilism’s sake. If the NSA conducted this kind of surveillance on US persons (a legal term), then this is a big story. If they didn’t, then all this does is expose an avenue of intel collection that appears legal and useful, not to mention non-fatal. Nothing at The Intercept suggests that it’s the former, which makes this disclosure incredibly irresponsible.


Related Posts:

Breaking on Hot Air

Blowback

Trackbacks/Pings

Trackback URL

Comments

Shut down the NSA, bring in the prosecutors and start building the Gallows. NOW. Violation of the 4th Amendment is Treason.

ConstantineXI on May 21, 2015 at 4:06 PM

This is where the issue gets murky. If the NSA and the other agencies conducted surveillance and covert operations on foreign users of these systems, then they didn’t do anything illegal in the US or their other countries.

Not only “[not] illegal” but that actually IS the job of the NSA (and CIA). They are supposed to be doing all sorts of stuff in foreign lands or to aliens, even ignoring any of the local laws if need be. What they are NOT supposed to be doing is working against American citizens on American soil. It seems, though, that too many in the feral government have decided to ignore this distinction, partly due to the fact that so many of the traitors in the feral government have spent much of their time giving aid and comfort to invading illegals (which is what is known as “treason”) and restricting American citizens’ Constitutional rights, or importing America-hating retards, giving them citizenship and then using their anti-American stances adn actions in order to argue for the need to surveil “Americans” …

The case strikes at the heart of a debate about whether spy agencies are putting ordinary people at risk by secretly exploiting security flaws in popular software instead of reporting them so that they can be fixed.

There’s an actual debate about this? That’s the issue driving this disclosure?

Yeah … that’s a pretty laughably stupid argument they’re trying to make.

ThePrimordialOrderedPair on May 21, 2015 at 4:17 PM

How many lives have been destroyed by terrorists?

How many lives have been destroyed by the US government (in and outside US)?

There is no comparison. By far and away, the biggest threats to any one of us is the US government.

3558 on May 21, 2015 at 4:21 PM

Terrorist plots uncovered:
NSA: 0
TSA: 0
DHS: 0

Terrorists attacks prevented:

NSA: 0
TSA: 0
DHS: 0

Terrorists captured:
NSA: 0
TSA: 0
DHS: 0

ConstantineXI on May 21, 2015 at 4:25 PM

I have an experiment for those interested…

… Look up Google Play Application Permissions List and find out what can be accessed on your device if you “Agree” to the terms.

Enjoy…!

Seven Percent Solution on May 21, 2015 at 4:34 PM

they also hoped to use the program to plant misinformation.

Putin is the father of misinformation.

Schadenfreude on May 21, 2015 at 4:35 PM

If you use a “smartphone”, you ain’t.

corona79 on May 21, 2015 at 4:50 PM

this will continue and grow until some elected official and a host of bureaucrats are jailed…something that will not happen with our supine courts and cowardly Congress.

JIMV on May 21, 2015 at 5:01 PM

But does this merit a new round of outrage directed at the NSA, or at Snowden?

That this would be an actual question in a Hot Gas post shows how far this site has fallen.

mythicknight on May 21, 2015 at 5:08 PM

I have an experiment for those interested…

… Look up Google Play Application Permissions List and find out what can be accessed on your device if you “Agree” to the terms.

Enjoy…!

Seven Percent Solution on May 21, 2015 at 4:34 PM

Yep. I’m amazed at the permissions that people happily sign away on their apps. It’s insane. But most of the “tech-savvy” youngsters don’t seem to care and will gladly sign off on location data, network access, and all other sorts of things for some free sudoku program.

ThePrimordialOrderedPair on May 21, 2015 at 5:10 PM

This is why I always keep a fire going, throw some plastic on the blaze and instant smoke signals.

Bishop on May 21, 2015 at 5:20 PM

Even Hitler and Stalin and Mao didn’t spy on their people this much.

VorDaj on May 21, 2015 at 5:48 PM

All this and we still can’t find Hillary’s e mails.

hip shot on May 21, 2015 at 5:52 PM

All this and we still can’t find Hillary’s e mails.

hip shot on May 21, 2015 at 5:52 PM

Or Barry O’s college class lists, grades, SAT scores….

albill on May 21, 2015 at 6:15 PM

Behold, the great heroes!

Assange! Manning! Snowden!

thebrokenrattle on May 21, 2015 at 6:22 PM

Even Hitler and Stalin and Mao didn’t spy on their people this much.

VorDaj on May 21, 2015 at 5:48 PM

You think they would have if they had this technology? I think they would, though there would have been a lot of spying on each other within their parties. We probably have that here as well as the spying of members of the other party.

Dr. ZhivBlago on May 21, 2015 at 7:25 PM

Behold, the great heroes!

Assange! Manning! Snowden!

thebrokenrattle on May 21, 2015 at 6:22 PM

Heh, looks like they’re ready for the nooses and the chairs to be kicked out from under ’em. Most here would rather enjoy that spectacle (after a heartfelt rendition of Amazing Grace of course.)

LOL

Dr. ZhivBlago on May 21, 2015 at 7:27 PM

When will something be released from the Snowden trove we didn’t already know?

Akzed on May 21, 2015 at 8:04 PM

Const, you are getting way out of line on this topic. The NSA is no more a threat to you than the Marine corp is, and your paranoia about it amounts to falling for foreign propaganda against effective US intelligence gathering. If you want to worry about federal infringements on your rights, worry about the FBI, which has a long history of political abuse.

Count to 10 on May 22, 2015 at 9:04 AM

That this would be an actual question in a Hot Gas post shows how far this site has fallen.

mythicknight on May 21, 2015 at 5:08 PM

Morrisey is simply pushing another version of, “. . . if you’re not doing anything wrong, why worry about it?” Ben Franklin was spot on with his remarks in 1758 about ‘Liberties’ and ‘Security’.

meerbock on May 23, 2015 at 11:35 AM