In 2011 and 2012, the NSA and the communications intelligence agencies of its “Five Eyes” allies developed and tested a set of add-ons to their shared Internet surveillance capability that could identify and target communications between mobile devices and popular mobile app stores—including those of Google and Samsung. According to an NSA document published by the Canadian Broadcasting Corporation, the targeting capability could have been used to launch “man-in-the-middle” attacks on mobile app downloads, allowing the NSA and other agencies to install code on targeted devices and gather intelligence on their users.
The document—a 2012 National Security Agency presentation obtained from former NSA contractor Edward Snowden—details efforts by the NSA, Canada’s Communications Security Establishment (CSE), and the other “Five Eyes” allies to identify the “fingerprints” of communications between mobile devices and app stores. The capabilities were developed during two collaborative workshops: one in November 2011 hosted by the Australian Signals Directorate, and the other hosted by Canada’s CSE in February 2012. The February workshop was attended by analysts from all of the Five Eyes communications intelligence agencies, the NSA slides joked, as “everyone wanted to experience a Canadian winter!”
These fingerprints were turned into “mini-plugins” for XKeyscore, the NSA’s worldwide distributed Internet surveillance system. XKeyscore can apply these plugin rules to search through streams of Internet traffic for matching data. It has been used as a targeting system for various types of network exploitation attacks—including the “Quantum” man-in-the-middle attacks that allow the agencies to hijack or modify traffic between a computer or device of interest and various Web services to decrypt it, insert malware into the stream, or present altered versions of the content.
Read 9 remaining paragraphs | Comments