'Five Eyes' Spy Agencies Planned to Hack Samsung and Google's Mobile Support

Published at: May 25, 2015

The partnership of Western spy agencies known as the "Five Eyes" launched a surveillance unit called the Network Tradecraft Advancement Team (NTAT) to spy on smartphone users as well as a major Chinese mobile web browser. As a top secret document obtained by Edward Snowden has revealed, they planned to hijack data and insert malware into Samsung devices with Google apps.

The documents obtained by Edward Snowden and published by CBC on May 21, 2015, revealed plans from as early as 2011 by major spy agencies to attempt to compromise Google and Samsung servers in order to spy on their mobile users as well as a major Chinese mobile web browser. The united effort was spearheaded by government spy agencies from Canada, the U.S., New Zealand, Australia, and Britain, a partnership known as Five Eyes.

Their goal was to “harvest the wealth” of information stored on mobile phones all over the world, and to find ways to compromise those phones by implanting malware that they control. According to the document, the agencies ultimately sought to associate mobile users and the telecommunications with their online activity by using the spy super browser called XKEYSCORE.

Motivated by the potential of “another Arab Spring,” the agencies collected data at large flowing through the veins of the Internet and developed algorithms to identify mobile data in particular, tracing it to servers operated by Google and Samsung, from which users would download or update apps.

The agencies were particularly interested in the African region, focusing on Senegal, Sudan and the Congo. But the app stores targeted were located in a range of countries, including a Google app store server located in France and other companies’ app download servers in Cuba, Morocco, Switzerland, Bahamas, the Netherlands, and Russia. Google and Samsung have so far declined to comment.

During the workshops, NTAT discussed a vulnerability in the UC Browser, a massively popular Chinese and Indian mobile browser with over half a billion active users. The vulnerability leaked information such as search queries, SIM card numbers and unique device IDs of some people, or in other words, data that can be used to track people and gain insight into their lives without their consent, as revealed by the Toronto-based research group Citizen Lab earlier this month.

After the leak was reported to UC Browser by Citizen Lab in mid-April of this year, the company quickly patched the leak, more than three years after Five Eyes had discovered it. A spokesman for The Alibaba Group, the parent corporation of UC Browser, told CBC that they take security “very seriously and we do everything possible to protect our users.”

The spokesperson added that the company had found “no evidence that any user information has been taken,” though as pointed out by Ryan Gallagher of The Intercept, such surveillance was likely undetectable.

Surveillance, however, was only the initial stage of the multi-layered cyber attack. Stage two was the compromise of targeted mobile phones by hijacking the connection between them and Google and Samsung's servers. Users would then download compromised software, effectively enabling the agencies behind the scenes to take root control of their targets' devices.

To do this, it was decided that they would need to conduct a man-in-the-middle (MITM) attack on the connection between users and the servers. Gallagher writes:

“The method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.”

This is not the first MITM attack that Five Eyes has carried out. The Intercept also reported on how these agencies attacked and impersonated Facebook servers in order to infect their suspects. It should be noted, however, that Android devices are not alone, as Snowden also revealed back in January that iPhone users can potentially be tracked by the NSA.

But while supporters might argue that this serves the interests of national security, evidence is still lacking as to the effectiveness of mass surveillance and the weakening of security in massively popular communication networks to catch alleged terrorists, not to mention the moral and political implications.
