The NSA has recently been trying even harder to lay as many more pipelines to Internet users’ data as they can. The Patriot Act has ended and the USA Freedom Act has curbed some of the agency’s spying powers. And we are likely to see more protests about the Freedom Act’s inadequacy and about the still upcoming reports on the Snowden documents. So where has the NSA been looking to burrow in and nest? Google Play was apparently very attractive to the agency as a source of intelligence, and their plans to hack the Play store on an international scale may be going active soon.
NSA Malware on Google Play
The NSA has apparently been planning an attack on the Google Play store for some time, and now the shelved plans could be brought to the implementation stage. According to a few leaks, the agency had prepared to intercept Play store users’ traffic and use malware to gain control of their devices. People trust Google Play because it is considered to be one of the most secure places to download apps for their Android devices. Since these people will not be worried about malicious elements at the Play store, they will not be likely to use their security tools such as VPNs to access their Google accounts. Of course, Google uses Transport Layer Security, but security experts have reason to believe that the NSA may have already cracked TLS encryption. Also since the Android operating system is the most popular among smartphone and tablet users, this is a great place for the NSA to launch an attack to get access to a ton of data.
The plan of the NSA called Irritant Horn was outlined in a few more of the Snowden documents released to news agency The Intercept. The project was intended as part of a propaganda movement that was spurred by the Arab Spring protests of 2010. Irritant Horn was supposed to send out deliberate misinformation to infected devices so that the NSA and their international spy partners could exert some control over the demonstrations, which were largely aroused by impassioned calls spread through social media.
International Targets Fished from Google and Samsung
According to the documents about Irritant Horn, the plan begins with an attack on the Google Play store, mobile app traffic intercepts, and the injection of malware into Play store users’ devices via downloads. The Network Tradecraft Advancement Team, composed of analysts from the Five Eyes alliance – CSEC (Canada), GCHQ (UK), NSA, and members from the Australian and New Zealand intelligence communities, are documented as the originators of the Google Play hacking scheme. The Team began meeting in 2011 in Australia to work out possible new exploits on smartphones to aid their surveillance efforts.
The plan is not only to spy on people in the US, but all over the world. For instance, the NSA had already targeted the Google Play servers in France and the Samsung protocol that handles updates for smartphones in northern Africa. The documents show that the Team had already tapped the notorious XKeyScore system of the NSA to spy on app marketplace traffic going to and from the major smartphone app players Google and Samsung. Their plan was to intercept this traffic with a man-in-the-middle attack so that the agency could insert a breed of malware that they had specially developed to tap into user devices. Once this special malware was installed, it would send the location information of the device and the contact data saved on it to the NSA.
Both Google and Samsung are not releasing any comments about the NSA hack, so we cannot verify from either company whether the plan has already been implemented. We suspect, however, that their silence is an indication of one of two possibilities – the companies may not want to admit that they have been infiltrated by the NSA, or they may be embarrassed that they have not be aware of the agency’s success in taking advantage of their networks over some time.
Lesson Learned
There is a fair takeaway here for mobile phone users everywhere. No matter what websites you visit, no matter how trusted they are supposed to be, there is always a chance that super spies or even super hackers are going to find a way in. There is really no way of course to be absolutely certain that you are going to stay safe forever. But you can minimize your chances of getting hacked and infected with malware if you have the best security tools installed on all of the devices that you use to access the Internet. The first of these is a privacy conscious personal VPN service that will encrypt your traffic with high grade encryption algorithms and secure your traffic with top level protocols and private tunneling technology. The next step is using a variety of privacy and security browser extensions from service providers who have a reputation for caring about their users. Finally, make sure that your device runs professional versions of the best antivirus and firewall suites for mobile.