TR Member Perks!

A top-secret NSA document, which was recently shared by Edward Snowden with the CBC, shows a joint plan to by intelligence agencies in the US, UK, Canada, Australia and New Zealand to hijack Google’s and Samsung’s app stores to install malware that could be used for surveillance purposes. These five countries, known as the five eyes, also exploited weaknesses in certain apps for the purpose of tracking suspected terrorists.

The document, dated from 2012, shows that a joint team from the five eyes countries held several workshops in Canada and Australia throughout 2011 and 2012. The team was attempting to intercept signals between a user’s device and a server when an app is downloaded or updated. Ultimately, their goal was to implant spyware on people’s devices, in order to track their Internet usage. The joint team apparently respected an agreement not to spy on each other’s citizens during this operation, and targeted app servers hosted in France, Switzerland, the Netherlands, Cuba, Morocco, the Bahamas and Russia, according to the document.

The five eyes team also discovered security weaknesses in UC Browser, a mobile browser popular in China and India which is gaining popularity in North America. According to Citizen Lab, a human rights and technology research organization, the browser uses a form of encryption which is susceptible to publicly available tools. Secure apps like UC Browser normally encrypt communication with servers when they install or update, in order to keep certain detail about the user private. Due to a weakness in the encryption used by UC Browser, government agents as well as hackers could easily get access to information like locational data and device IDs.

Alibaba, the Chinese technology giant which owns UC Browser, issued a statement that they had no knowledge of the security weakness and noted that this issue predated the acquisition of UC Browser by Alibaba. The statement encourages users to update to the latest version of UC Browser to avoid security risks. CBC had informed Alibaba of the security risks in mid-April, and in response to it they released a software update to address the issue.

Canada’s intelligence agency refused to comment on its capabilities when questioned by the CBC, but only stated that their mission to collect intelligence to protect Canadian citizens and that they do not direct their actions at Canadians or within Canada. Britain’s GCHQ commented that all of its work is within a strict legal framework. The American NSA, as well as intelligence agencies from Australia and New Zealand, refused to comment.

Do you think the NSA has found a way to implant spyware on devices in the time since this document was created? Leave your comment below.


Max Michael

Senior Writer

I’m a technology reporter located near the Innovation District of Kitchener-Waterloo, Ontario.

  • Absolutely disturbing. Has NSA even succeeded in anything they sat out to do? I remember them gloatining about stopping a terrorist threat, only for the British to say it was really their effort that diffused a situation through practical means rather than spying on everyone.

  • SevTheBear

    So we have people doing DOSS attacks everyday and sometimes hacking airplanes but NSA is more busy with peeping inside browsers and apps… these guys are idiots.

  • Azure

    Burn them to the ground. How are they allowed to say that they are doing it for terrorism while only interested in looking at the latest app you are on maybe check your bank details too. Absolutely disgusting who is funding these hackers?

  • Clairity

    If I recall correctly, back when this shit first hit the fan in 2013, the head of the NSA at the time specifically came out and said that he couldn’t think of a single instance in which all this spying shit lead to them stopping a terrorist attack. I can’t imagine that changing in only two years.

  • Typical

    According to orientation, they found Bin Laden by tracing phone calls and such from certain of his associates and locating them. Of course I don’t believe that gives them license to spy on everyone. I don’t remember the exact detail, but they claimed it was them.

  • SugarFreeTargets