Western secret agencies partnership known as the "Five Eyes" launched a surveillance unit called Network Tradecraft Advancement Team (NTAT) to spy on smartphone users as well as a major Chinese mobile web browser. As top secret document obtained by Edward Snowden has revealed, they planned to hijack data and insert malware into Samsung devices with Google apps.
The documents obtained by Edward Snowden and published by CBC on May 21, 2015, revealed plans from as early as 2011 from major spy agencies to attempt and compromise Google and Samsung servers to spy on their mobile users as well as a major Chinese mobile web browser. The united effort was spearheaded by government spy agencies from Canada, U.S., New Zealand, Australia, and Britain, a partnership known as Five Eyes.
Their goal, to “harvest the wealth” of information stored on mobile phones all over the world, and find ways to compromise those phones by implanting malware that they control. According to the document, the agencies ultimately sought to associate mobile users and the telecommunications with their online activity, by using the Spy super browser called XKEYSCORE.
Motivated by the potential of “another Arab Spring,” the agencies collected data at large flowing through the vein of the Internet and developed algorithms to identify mobile data in particular, tracing it to servers operated by Google and Samsung, with which users would download or update apps from.
The agencies were particularly interested in the African region, focusing on Senegal, Sudan and the Congo. But the app stores targeted were located in a range of countries, including a Google app store server located in France and other companies’ app download servers in Cuba, Morocco, Switzerland, Bahamas, the Netherlands, and Russia. Google and Samsung have so far declined to comment.
During the workshops, NTAT discussed a vulnerability in the UC Browser, a massively popular Chinese and Indian mobile browser with over half a billion active users. The vulnerability leaked information such as search queries, SIM card numbers and unique device IDs of some people, or in other words, data that can be used track people and gain insight into their lives without their consent, as revealed by the Citizen Lab Toronto based research group earlier this month.
After the leak was reported to UC Browser by Citizen Lab in mid April of this year, the company quickly patched the leak -- more than three years after Five Eyes had discovered it. A spokesman for The Alibaba Group, the parent corporation of UC Browser, told CBC that they take security “very seriously and we do everything possible to protect our users.”
The spokesperson added that the company had found “no evidence that any user information has been taken,” though as pointed out by Ryan Gallagher of The Intercept, such surveillance was likely undetectable.
Surveillance, however, was only the initial stage of the multi-layered cyber attack. Stage two was the compromise of targeted mobile phones by hijacking the connection between Google and Samsung's servers. Users would then download compromised software effectively enabling the agencies behind the scenes to take root control of their target's devices.
To do this, it was decided that they would need to conduct a man-in-the-middle-attack (MiMT) on the connection between users and the servers. Gallagher writes:
“The method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.”
This is not the first MiMT that Five Eyes has carried out. The Intercept also reported on how these agencies attacked and impersonated Facebook servers in order to infect their suspects. It should be noted, however, that Android devices are not alone as Snowden also revealed back in January that iPhone users can be potentially tracked by the NSA.
But while supporters might argue that this serves the interests of national security, evidence is still lacking as to the effectiveness of mass surveillance and the weakening of security in massively popular communication networks to catch alleged terrorists, not to mention the moral and political implications.