Daily Management Review

New Snowden doc reveals NSA used app to spy


05/23/2015


NSA and its partners used Apps and considered tapping mobile software stores of Google and Samsung to spy, allege a new set of documents revealed by Former NSA contractor Edward Snowden.



Intelligence agencies considered tapping the mobile software stores of both Google Inc. and Samsung Electronics Co. according to a document leaked by former U.S. contractor and current whistleblower Edward Snowden.
 
The document also alleges that the agencies were considering tapping a web browser that is currently owned by China-based e-retailer Alibaba Group Holding Ltd. It has been almost two years since Snowden made the controversial leak exposing the intricate world of spy agencies in the US. As a counter-effect to the leak, US-based technology companies took a step further to make talks with Washington to reform its surveillance practices. The snooping practice has rang alarm even within US allies such as Germany. To address concerns, Alibaba’s UCWeb mobile-browser arm has asked UC Browser users to update their software to the latest version, Alibaba said. “We strongly object to anyone who might seek to target our users’ data or personal information,” a spokeswoman said to Wall Street Journal.
 
The mobile browser is very popular in China as well as Asia and this leak is set to fuel increasing tensions between US and China. Besides China and India, UC Browser is also popular in Pakistan, Indonesia and Russia. The Intercept, a news website involved in the leaks from Snowden, has exposed these new set of documents.  The NSA has maintained that its operations are “strictly conducted under the rule of law.”
 
The intelligence agencies cited in the document include the NSA and its peers in Canada, the U.K., Australia and New Zealand. The document also reveals that these agencies were looking into tapping connections between app servers in other countries and their customers. The agencies even considered using a cyber-attack in which a person’s electronic device is tricked into thinking it is relaying data to a legitimate destination. It also cited the potential for “harvesting data at rest” and “harvesting data in transit.”
 
The intelligence agencies were analyzing how to use the UC Browser to leak information such as codes that could identify users of cellular networks, their mobile phone numbers, SIM card numbers and device details, the document indicated. App was even used as a secret channel to discuss between spies involved in covert operations.

Citizen Lab, a Toronto-based human rights research group, in a report Thursday said its researchers found that UC Browser poorly secured data that was transmitted by the app. The NSA used a program named “IRRITANT HORN,” and its “Five Eyes” partners including Canada, Australia, the UK, and New Zealand penetrated the app stores for these devices. That allowed them to have permanent connections to those devices that connected to it, and to deliver spyware for data collection and dissemination. Citizen Lab said it disclosed its findings to Alibaba and UCWeb last month and that it tested the latest version of the app downloaded from UCWeb’s China site on Tuesday.