Top-secret documents were leaked to the press recently, suggesting that the NSA was planning to infect smartphones with spyware by hijacking the Google and Samsung app stores. According to the information, there were five countries involved in the project, including the United States.
The National Security Agency and its counterparts from Canada, the United Kingdom, Australia and New Zealand were all part of a surveillance program dating a few years back. The intelligence agencies from all five nations, collectively codenamed the “Five Eyes” alliance, were to be placed under the oversight of a special unit called the Network Tradecraft Advancement Team.
The document was obtained by the press courtesy of the infamous NSA whistleblower Edward Snowden. For the time being, however, it is unknown what became of the hijacking program.
The NSA plan did not involve only collecting data from the infected devices, but also using them for surveillance operations. According to the documents, the spyware should have also enabled the agency to use manipulation techniques on certain targets, by sending them “selective misinformation.”
The project was well under way at the time the documents were made. The Five Eyes were already engaged in several workshops in Canada and Australia, still trying to figure out the tactics before actually starting the program.
As far as it is known, the first stage of the NSA surveillance agenda involved infiltrating the Samsung and Google app stores. From there, the spyware was supposed to hijack phone users’ internet connections that would have allowed the agency to send malicious software to designated devices.
The technique is not an NSA invention, and it is widely known among computer programmers as a “man-in-the-middle” attack. A hacker would have been placed between the app servers and smartphones, allowing him to control any data sent between the two – hence, the man in the middle.
According to Citizen Lab human rights group, the move would have been a rather irresponsible decision on behalf of the NSA, as the security breach would have exposed hundreds of millions of smartphone users to attacks from basically any country. Eventually, the program could have backfired in a really ugly way for the agency.
The NSA did not respond in any way to the allegations. As for Google and Samsung, both companies said they refrain from making any comments for the time being.
Image Source: IB Times