According to new findings in Snowden's documents, the "Five Eyes" nations, which includes the U.S., UK, Canada, Australia and New Zealand planned to hack Google's mobile app store in order to infect Android smartphone users with malware.
The documents showing the project are dated between November 2011 and February 2012, so it's possible the intelligence agencies have succeeded in their goals, or at least they may have until Google implemented stronger security measures in 2013 when it found out its whole network was hacked by the NSA.
The agencies used a spying program called XKEYSCORE that seems to appear again and again in such revelations. This is a "passive surveillance" program that captures (mainly unencrypted) Internet traffic that passes through cables, which are tapped by the NSA and other Five Eyes agencies.
After the program identified which traffic represents user connections to Google's app store, the agencies could then use other programs such as IRRITANT HORN to break those connections and send their own malware to the agencies' targets. The malware, or "implants," would then grab sensitive information from smartphones such as emails, texts, web history, call records, videos, photos or other files.
It seems the main motivation for grabbing this kind of information was to avoid being blindsided in case an Arab Spring-like mass unrest happened again in the Middle East or Africa. This is why the agencies focused on Senegal, Sudan and the Republic of the Congo, at least at the time. However, the agencies also used the same programs to hack targets from France, Cuba, Morocco, Switzerland, the Bahamas, the Netherlands and Russia.
Within the same project, the agencies also managed to exploit some major vulnerabilities within Alibaba's UC Browser, a popular web browser in China and India used by half a billion people. The UC Browser was leaking information such as users' search queries, phone numbers and UIDs that can be used to track people, as well as location information protected by encryption that could easily be broken with publicly available tools.
Citizen Lab, a human rights and technology research group, contacted Alibaba last month, and the company has since fixed these security issues with an update launched on May 15. Alibaba said it has found no evidence that customer data has been leaked, although it's unlikely the surveillance of this data could have been detected.
According to Citizen Lab Director Ron Deibert, this vulnerability could have been used by criminals as well, which makes the agencies' decision not to disclose the vulnerability reckless from a cybersecurity point of view.
"Of course, the security agencies don't [disclose the information]," Deibert said. "Instead, they harbor the vulnerability. They essentially weaponize it." Taking advantage of weaknesses in apps like UC Browser "may make sense from a very narrow national security mindset," Deibert added, "but it's at the expense of the privacy and security of hundreds of millions of users worldwide."
Last year, Snowden's documents also showed that the NSA likes to masquerade as Facebook servers in order to send malware to hack into the users' computers, so Google's app store isn't the only target of such kind. Both reports also deal with information that is a few years old, so more companies could be affected by this sort of attack.