The Intercept and CBC News report that back in 2012, the US National Security Agency (NSA) along with allies from the so-called ‘Five Eyes’ alliance (which also includes Canada, the UK, New Zealand and Australia) developed a plan to hijack data links in the Google Play and Samsung app stores:
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing…
…The agencies were particularly interested in the African region, focusing on Senegal, Sudan and the Congo. But the app stores targeted were located in a range of countries, including a Google app store server located in France and other companies’ app download servers in Cuba, Morocco, Switzerland, Bahamas, the Netherlands and Russia. (At the time, the Google app store was called the “Android Market”; it is now named Google Play.)
Another major outcome of the secret workshops was the agencies’ discovery of privacy vulnerabilities in UC Browser, a popular app used to browse the Internet across Asia, particularly in China and India. Though UC Browser is not well-known in Western countries, its massive Asian user base, a reported half billion people, means it is one of the most popular mobile Internet browsers in the world.
…The case strikes at the heart of a debate about whether spy agencies are putting ordinary people at risk by secretly exploiting security flaws in popular software instead of reporting them so that they can be fixed.
I have to say though, as the cache of Snowden documents continues to be drip fed to us – it’s The Intercept’s core mission – it’s becoming harder to be shocked by the revelations. The flippant conclusion is: Spies gonna spy.
The NSA and the equivalent intelligence agencies in the UK, Australia, Canada and New Zealand exist to hoover up information, particularly from unstable regions in Africa and the Middle East, and economic and political rivals like China. The latter is not shy about using underhand technological means to hack into Western computer systems.
We may dislike it and should lobby our political representatives hard to make these agencies more accountable, but ultimately they’re doing what they were designed to do.
Can we please stop responding with faux-shock and hysteria?