How far should security go, and how much privacy should be taken from citizens in the name of security is a question asked by many. Is it security if the NSA (National Security Agency.) hack into the Google Play store to put spyware on smartphones?
This is something the NSA planned to do in conjunction with its allies in the “Five Eyes” alliance of the United States, Australia, Canada, the United Kingdom and New Zealand. Who would have been targeted, why they were targeted, and what, if any, safe guards were in place for any innocent people caught up in the surveillance are questions unanswered. Agencies like the NSA are losing the trust of people they’re supposed to be protecting, if they haven’t already lost it.
The document came from Edward Snowden, the NSA whistleblower through CBC News and The Intercept. It speaks on strategies to find new ways to get inside mobile technology for surveillance purposes. The spying system used was XKEYSCORE, which identifies traffic from smartphones going through Internet cables to track them to Google and Samsung app market places. The aim of one pilot project, IRRITANT HORN, was to gain access to the apps a user is downloading to put spyware and other implanted software on to a smartphone to allow for easy spying and information gathering without the user being aware.
This type of attack, where the perpetrator is involved in the middle of the process, is know as a “man in the middle” attack. It is possible for an attack like this to also plant information on a phone for propaganda purposes (Or perhaps to plant fake evidence on a device of an unknowing user?). This tactic is used by criminal hackers to gain a person’s information for identity fraud or similar. The agencies wanted to get into the app store servers of companies to “harvest” information about individuals.
Areas targeted by this effort were the African and Middle Eastern regions. The Arab Spring surprised intelligence agencies that were unprepared for what was happening. In Africa, Senegal, Sudan and the Congo were targets, and app stores in France, Cuba, Morocco, Switzerland, Bahamas, the Netherlands and Russia were of interest. It was also found that UC browser, an app popular in Asia (Especially China and India.) that has half a billion users, as privacy vulnerabilities easily exploited. Finding a balance between security, privacy and protecting the innocent is difficult in this era. How can the innocent trust their government to protect them when there’s a chance they’re being targeted as if they’re guilty? It seems as if the NSA’s motto is “Trust us, even though we don’t trust you.”