The National Security Agency (NSA) collaborated with the governments of four other countries on a planned attack that sought to infect millions of smartphones with spyware, according to a new report. The program, with the codename Irritant Horn, was designed to hijack the phones’ connections to app stores operated by Samsung and Google that would allow spies to surreptitiously steal data from users’ devices.
The report, first published by Canada’s CBC network and the Intercept, a news site founded by reporter Glen Greenwald, was based on internal NSA documents provided by former government contractor and NSA whistleblower Edward Snowden. The group behind the plan was the “Five Eyes” network, a collection of allied surveillance agencies from the U.S., the U.K., Canada, Australia and New Zealand that regularly collaborate on cyber -espionage and spying.

Ministry of Misinformation

The details of the hack were laid out in the PowerPoint presentation “Synergising Network Analysis and Tradecraft,” which served as the basis for a series of workshops held in Canada and Australia from 2011 to 2012.
The presentation explained that the NSA had planned to use the XKEYSCORE hacking tool to launch a man-in-the-middle attack from Samsung and Google servers. The XKEYSCORE tool allows governments to wiretap any user for whom they have a personal e-mail address, according to previously published statements by Snowden.
While earlier reports had already disclosed that the NSA and the Five Eyes governments had created spyware to attack Android and iPhone devices, the latest revelation indicated that the espionage agency was also interested in using the technique to plant misinformation on users’ phones. The agency seemed particularly interested in the potential of the technology to disrupt and prevent protests and citizen movements.

UC Browser Exploit

The presentation also described a vulnerability the NSA had discovered in the UC Browser application . Although UC Browser is not widely used in the Western world, it reportedly has around half a billion users, mainly in India and China. The exploit would allow the agency to gather information that would allow it to accurately identify the user of a device, according to the presentation.
Alibaba, the online retailing company that is behind UC Browser, has since been made aware of the exploit, which was leaking search query terms, SIM card numbers and unique device identifiers. The company behind the browser said that the vulnerability has since been fixed.
The NSA’s decision not to alert UC Browser of its vulnerability once discovered may have exposed several hundred million users to attacks from criminal hackers, who may have discovered the exploit on their own, according to the Intercept.
While the exact technique behind the attack is a new development, this is not the first time the NSA has sought to launch widespread cyberattacks against computer users. In one instance, the agency reportedly disguised itself as a Facebook server to break into computers attempting to access the social media network.