NSA Planned To Hijack Google App Store To Hack Smartphones
Advocatus Diaboli writes: A newly released top secret document reveals that the NSA planned to hijack Google and Samsung app stores to plant spying software on smartphones. The report on the surveillance project, dubbed "IRRITANT HORN," shows the U.S. and its "Five Eyes" alliance: Canada, the United Kingdom, New Zealand and Australia, were looking at ways to hack smartphones and spy on users. According to The Intercept: "The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012."
And most don't care (Score:5, Insightful)
Re:And most don't care (Score:4, Informative)
That's because it doesn't affect most people. Besides, in relative terms it isn't too bad. Yes, pervasive surveillance infringes people's rights[1], and (speculatively) a small number of people who haven't done anything wrong get hurt by that. But the US (and the rest of the 5 eyes) aren't China, or North Korea, or ISIS. They aren't actively killing or seriously repressing large numbers of their own people. All this stuff just doesn't impact on the life of Joe Ordinary, so he doesn't care.
Some people within the United States may disagree with you. [blacklivesmatter.com] Pot, meet Kettle. Kettle, meet Pot. [mxgm.org]
Comment removed (Score:5, Insightful)
Re:And most don't care (Score:5, Insightful)
I have to LMAO when you see those "black lives matter" and screams about "racism" when the #1 cause of death of black males is other black males beating the next four causes of death combined. Sure black lives matter....only when they are killed by white people as that supports the permanent victim class political narrative, but when black men like David Carroll and Tommy Sotomayor point out the biggest threat to the lives of black males is other black males? The black community attacks them as "coons" and "Uncle Toms"....I guess supporting an end to thugs preying on their own neighborhoods means they aren't "keepin it real".
Oh and just a little food for thought......if the plight of the American black was racism, why is it a black man from Africa, fresh off the boat, is something like 300% more likely to become middle class in 1 generation, and something like 3000% more likely to become middle class in 2 generations than an American black, despite the language and culture handicaps from not being a native? I'd say the answer is obvious, it's nothing to do with race and everything to do with culture and in the USA the black culture has become toxic, glorifying violence, abusing women and not being fathers to their children, while actively condemning education as "acting white".
As for TFA this kind of shit DOES affect Americans heavily even if they do not know it, as it gets them used to living in a police state [youtube.com] where laws protecting against the ever watching eye only apply to the wealthy and the rule of law is whatever they say it is this week.
Your last paragraph describes what it is like to be Black in relationship to the System. And you seem to think it's not good. I agree!
"Black Lives Matter" isn't simply about the lives of Black people. It is specifically about how Black people are treated by law enforcement and the System in general. It is different from how White people are treated. I don't think that's really controversial. I'm not sure where your statistic about the fresh-off-the-boat African comes from, but he did not grow up in the same environment as the African American. It is about culture, as you say. But you can't critique that culture divorced from the context within which it formed.
The echoes of slavery, Jim Crow and other hardships for the Black community take their toll. Like any person, if you are treated badly as a child you have a better chance of growing up to be an angry, maladjusted person. It's the same for the Black community. You can't expect them to put up with the hundreds of years of supreme bullshit they have, and come out fresh faced and positive. And that bullshit isn't all in the past; they still put up with some of it.
So you can talk about their culture, but you can't blame it for their predicament. It was born from centuries of abuse at the hands of White people. And that's something White people need to recognize and work to end. We can't fix the past and we in the present are not to blame for it. But we should do what we can to be compassionate and understanding so as to not perpetuate the problem.
Re: (Score:3)
"Black Lives Matter" isn't simply about the lives of Black people. It is specifically about how Black people are treated by law enforcement and the System in general. It is different from how White people are treated. I don't think that's really controversial. I'm not sure where your statistic about the fresh-off-the-boat African comes from, but he did not grow up in the same environment as the African American. It is about culture, as you say. But you can't critique that culture divorced from the context within which it formed.
Sure, black lives matter, but American blacks really need to clean up their act more than everybody else needs to give them a hand up. By constantly saying it's everybody else's fault, we're reinforcing their ideas about how they themselves deserve the world for free, which is the underlying cause of their problems.
And I can prove to you, without a shadow of a doubt, that the police, or even "the white man" are NOT the cause of it all. First, let's start here:
http://www.ntnews.com.au/news/... [ntnews.com.au]
Anybody remembe
Re: (Score:2)
Seriously? BlackLivesMatter? If you have to refer to a "movement" born out of a lie [washingtonpost.com] — that the robber Michael Brown, supposedly, had his arms up when he was shot — your whole position gets seriously compromised.
An inflammatory collection of lies and innuendo based, once again, on the sorry fate of another thug, whose reaction to being followed in the street was to "whoo
Re: (Score:2)
That's because it doesn't affect most people
It only doesn't affect those that don't give a shit about their rights. Which is most Americans that only care about their ability to buy an SUV and pay rent.
Besides, in relative terms it isn't too bad.
Sure -- enslavement by a cabal of Corporate and Government fascism beats death and imprisonment. But not by much.
The bars might be "invisible" but they are still there.
Re: (Score:1)
Death Penalty for the NSA already, they are making the KGB, Nazis, and Stormtroopers look like good guys by comparison.
Re: (Score:1)
The last time I tried criticizing the US government, I got called a racist and told to shut up. Has anything changed since then? If not, then what gives you the idea that you're qualified to complain?
Sensitive little racist aren't we? Now shut up.
Re: (Score:2)
Maybe.
I'm sure there are quite a few who are clueless and / or don't care because they naively believe it doesn't impact them.
( There is a reason both parties target young ( read that: inexperienced in how corrupt politics really are ) voters so much. )
There are also quite a few who DO care, but are pretty much powerless to do anything about it outside of partying like it's 1776.
We can pretend we're still a Democracy and that voting for X over Y will magically fix things but, in reality, both X and Y are ju
Re: (Score:1)
Bad part is, this would be middle of the newspaper, at best. Most people in the USA just don't care how badly our government is abusing everyone.
"The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept."
For those not in the know, CBC News is roughly equivalent to CBS News in the US. So on the one side, it's not going to be in the "middle of the newspaper." On the other, publishing this on the CBC News website is equivalent to publishing this on the CBS News website -- meaning, it didn't even make it into a newspaper in the first place. CBC News does televisi
Unintended consequences (Score:5, Insightful)
And, since then, almost every Internet service I use has started bringing their stuff out of the US. Not saying that makes us "hack-proof" (not least from our own intelligence agencies) but businesses can't do business with other governments or even large corporations if this kind of thing is suspected to be going on.
Every week or so, another large company tells me that they've pulled all their EU users and their data to their Ireland datacentre so that only the US people's data can be "collected" by the US authorities and otherwise the NSA are just the same as any other foreign hostile entity trying to get into their systems.
DropBox was the latest one I got an email from. The government and education services already do everything in-EU anyway because of a lovely thing called the Data Protection Act (which the US really needs to start adopting its own version of), and now even people's photo-sharing sites are doing the same because they just don't want this kind of stuff reflecting on them because they happen to do business in the US too.
Tell me, people, if China were doing this everybody would be up in arms. But because it's the US, it's okay?
All they've done is made everybody go from "Maybe the NSA could do this if they wanted" to "We have to assume they are doing this, all day, every day, no matter what the law says", move their data abroad, and massively increase awareness of security and encryption.
Hell, I'm now suspicious of Elliptic Curve, especially if it relies on published curve parameters rather than them being an inherently configurable part of the exchange (like Diffie-Hellman - agree on a curve that nobody has used before but has certain properties and then use that as the basis for encryption) - I have a feeling that all the push to move on COULD be a cleverly orchestrated move to something such agencies "approve" of in secret even if they say it causes them problems in public.
When you think the trick is happening, maybe it's already been done...
Fooling nobody (Score:1)
I think that [moving data to Irish subsidiary] fools nobody, we know that DropBox provided a PRISM interface to NSA, and if DropBox can get the data, then it can get it from Ireland. Ultimately you cannot use DropBox because DropBox is a US company.
But your basic point is true, US companies are suffering from NSA actions, not so much directly from the hacking, but from the Republidroids pushing through laws to make it legal. So when they push a law giving immunity to corps for providing NSA with 'cyber-secu
Re: (Score:1)
The NSA has collaboration agreements and monitoring points in place at most of the overseas cables, which feeds the XKeyScore programme. This means that even if your data is in (insert generic European country here) then it will still be eavesdropped upon by the NSA if it crosses a country border within the EU. This is what is known as 'the intelligence bazaar of Europe'.
So even if you don't use Dropbox but say JottaCloud you will still be fucked because the NSA has the ability to insert MIM-servers between
Re: (Score:2)
As a programmer, I understand the difference between a technical problem and a political one.
Yes, we should use encryption to make it more difficult (less easy?) to spy on us, and quality software design practices, testing, code audits, etc, to make it less likely we will be the victims of data theft due to exploits. But to rely on technical solutions to protect us from government surveillance is to succumb to the same fallacy as the copyright lobby, relying on inherently flawed DRM principles and playing w
Re:Unintended consequences (Score:4, Informative)
We moved our EU data to EU servers because EU law requires it.
Re: (Score:3)
Moving Dropbox data to the Republic of Ireland makes it more legal for the NSA to access the data - they're definitely not accessing US citizens' data - not that I imagine it makes much of a difference.
The difference it does make is that it's harder for the TLAs to get warrants to access the data - they now have to go via a foreign government's legal system, rather than the US rubber stamp system. The Irish government *appears* to have been less than accommodating - as shown in the Microsoft email case:
The US government has claimed a US warrant is sufficient to get emails even when stored in another country, while Microsoft has resisted, arguing the US warrant power does not reach that far. The case has made business rivals into temporary allies and forced Ireland's Minister for Foreign Affairs and Data Protection to ask the European Commission to formally support Microsoft.
The [eff.org]
Why only Android? (Score:2)
Why not also the iPhone, or has this already been hacked?
Re:Why only Android? (Score:4, Informative)
Why not also the iPhone, or has this already been hacked?
They obviously already have a hack, or more likely an access deal with Apple
Re:Why only Android? (Score:5, Funny)
"Spying? There's an app for that!"
But you don't need one . . . we support spying natively!
Re: (Score:1)
Considering that the iPhone is primarily an AT&T phone and AT&T has already been outed as a direct conduit to the Feds, I'd think that this would be a foregone conclusion.
Easier ways (Score:2)
Re: (Score:3)
At the end of the day the cellular firmware is a closed blob. No idea what's going on there, and with access that low level, you can do anything you want.
Simple solution: Don't Use Google. (Score:2)
Cyanogen works better than Android, and you can avoid Google Play.
Re: (Score:2)
Because there's absolutely no chance that the NSA would ever think to hijack a connection to any other source of apps beyond Google's store?
Re: (Score:2)
I'd give even money more than 50% of VPN services are fronts for intelligence agencies.
(cue someone telling me I'm being naive and not near paranoid enough because it's obviously 100%!!!! OR MORE!)
NSA (Score:2)
You are witnessing pure evil at work.
Re: (Score:3)
Nah, just business as usual.
For pure evil, you have to go to Wall Street.
Re: (Score:2)
No, they're both evil - the difference [IMO] opinion is that Wall Street does their evil in public and doesn't pretend that it's for your own good.
Irritant Horn (Score:1)
There's an ointment for that.
debian digital signing and the GPG keyring (Score:3)
this is why debian has the GPG key-signing parties, and why all packages are GPG-signed by the package maintainer when they compile it, why the ftp masters sign the package when it's uploaded, and why the release files which include the checksums of all the packages are also GPG-signed. under this scenario there are an extremely limited number of extremely paranoid methods by which debian may be compromised. even the scenario of "cooperation between long-term sleeper agents within debian's ranks" would have a one-shot opportunity to get away with introducing malicious code, following the discovery of which their GPG keys would be revoked, the perpetrators kicked out of debian, their packages pulled immediately pending a review, and the already-effective procedures reviewed to involve multi-person GPG signing that would make it even harder for compromise to occur in the future.
now, if you recall, there was an announcement a couple of years back that the development of Mozilla's B2G was declared to be "open" to all, so i contributed with a thorough security-conscious review of how to do package distribution. it turns out that Mozilla is *NOT* open - at all. several other contributors have learned that the Mozilla Foundation is in direct violation of its charter.
basically, the Mozilla Foundation *completely* ignored the advice that i gave - which was that the use of SSL as a distribution mechanism would be vulnerable to *exactly* the kinds of attacks that we see the NSA attempting to do on google. they went so far as to enact censorship, preventing and prohibiting me from pointing out the severe security flaws inherent in their chosen method of package distribution. i remain deeply unimpressed with many aspects of so-called "open-ness" of well-funded software libre projects.
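The chain of trust described in the comment above (a signed release file that carries checksums of the package indexes, which in turn carry checksums of each package), as an added example that is not part of the original post and not Debian's own code. It assumes the GPG signature on the Release file has already been verified (for instance with gpgv); all file contents and names below are constructed.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_release_sha256(release_text: str) -> dict:
    """Return {path: (sha256, size)} from the 'SHA256:' section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_section = False
    return entries

def parse_packages(packages_text: str) -> dict:
    """Return {Filename: {field: value}} from a Packages index (stanzas split by blank lines)."""
    index = {}
    for stanza in packages_text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):  # continuation line, e.g. a long Description
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "Filename" in fields:
            index[fields["Filename"]] = fields
    return index

def verify_chain(release_text, index_path, packages_bytes, deb_path, deb_bytes):
    """Check Release -> Packages -> .deb. Assumes the Release signature is already verified."""
    listed = parse_release_sha256(release_text).get(index_path)
    if listed is None:
        return "index not listed in Release"
    if (sha256_hex(packages_bytes), len(packages_bytes)) != listed:
        return "Packages index does not match Release"
    entry = parse_packages(packages_bytes.decode()).get(deb_path)
    if entry is None:
        return "package not listed in Packages"
    if len(deb_bytes) != int(entry["Size"]) or sha256_hex(deb_bytes) != entry["SHA256"]:
        return "package does not match Packages index"
    return "ok"

# Constructed sample data: a stand-in package, its index entry, and a Release file.
DEB = b"constructed stand-in for hello_1.0_amd64.deb"
DEB_PATH = "pool/main/h/hello/hello_1.0_amd64.deb"
INDEX_PATH = "main/binary-amd64/Packages"
PACKAGES = (
    "Package: hello\nVersion: 1.0\nArchitecture: amd64\n"
    f"Filename: {DEB_PATH}\nSize: {len(DEB)}\nSHA256: {sha256_hex(DEB)}\n"
    "Description: constructed example\n long description line\n"
).encode()
RELEASE = (
    "Origin: Example\nSuite: stable\nSHA256:\n"
    f" {sha256_hex(PACKAGES)} {len(PACKAGES)} {INDEX_PATH}\n"
)

if __name__ == "__main__":
    print(verify_chain(RELEASE, INDEX_PATH, PACKAGES, DEB_PATH, DEB))
```

A package or index altered in transit fails one of the two hash checks regardless of how it was delivered. A passing chain shows the bytes are the ones the archive published; it says nothing about how the binary was built.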
Re: (Score:2)
this is why debian has the GPG key-signing parties, and why all packages are GPG-signed by the package maintainer when they compile it, why the ftp masters sign the package when it's uploaded, and why the release files which include the checksums of all the packages are also GPG-signed.
Sorry, this is almost completely worthless without reproducible builds. (which finally some people started working on in debian) A compromised build host of a single debian developer (of which there are how many?) could easily introduce a backdoor into a binary package which could be very hard to detect.
But because we have gaping security holes in essential crypto and with the low quality of software in general this is a moot point anyway.
Too bad they failed... (Score:2)
The success of this sort of thing could cripple the walled garden model. We need a more decentralized software distribution system. Yes, people that are terrible at this sort of thing profit from a walled garden. But it is also a crutch, gives too much power to apple, google, etc, and is apparently a security risk.
Past Tense? (Score:3)
Such a headline gives the impression we safely dodged a bullet, while still in the midst of a massive firefight (and our side only has sparklers and rubber bands).
Oh man (Score:2)
The report on the surveillance project, dubbed "IRRITANT HORN,"
Hehheh... the gay names of various NSA projects are always great humor.
Spy agency was spying. (Score:3, Insightful)
Headline wrong (Score:2)
Propaganda article? (Score:2)
I bet it's already compromised, maybe for quite some time. What if this and articles like this are put out to make people think the NSA isn't as far along as they are. /paranoid mode off
OK (Score:2)
The project was motivated in part by concerns about the possibility of “another Arab Spring,” which was sparked in Tunisia in December 2010 and later spread to countries across the Middle East and North Africa. Western governments and intelligence agencies were largely blindsided by those events, and the document detailing IRRITANT HORN suggests the spies wanted to be prepared to launch surveillance operations in the event of more unrest.
It appears in some ways that these agencies have become dependent on their digital surveillance, to the point they are missing exactly what they claim to be looking for.
I guess if you want to plan a revolution just use paper...
Additionally (Score:1)
How many Linux/Unix repositories have been hacked? What exactly drops in when you update?
Can't wait for the NSA bricking app (Score:2)
Sooner or later, every digital device we "own" will also be owned by the NSA, and they will have the ability to brick it. Even your car (thanks OnStar) will be bricked. For what purpose? Who knows? But it's clear that we have more to fear from the pricks at the NSA than we do from any hacker, terrorist or criminal, as the NSA is pure evil.
Re: (Score:2)
Yes, and soon a cashless society is thrust upon you, and then you can never be without your phone.
Another win for Windows phones? (Score:2)
Re: (Score:2)
We figure that Microsoft has been compromised since the first DoJ consent decree. So nothing new here.
Already running on your phone (Score:1)
Look, just operate under the general assumption that we live in a Police State that makes Eastern German Stasi look like kindergarten cops.
Then you'll be a good serf.
Is it unconstitutional and illegal?
Of course.
Will they do anything about it that actually changes anything?
No.
Show of hands (Score:2)
*Cricket sounds*
Ok, now show of hands: Is anybody surprised the US Populace doesn't care?
*Cricket sounds*
Reverse the curse? (Score:1)
Re: (Score:1)
Maybe someone will code an app that gives false info to the NSA when polled at regular intervals. Or perhaps gives so much info that it b0rks the NSA spy grid with useless garbage info. :)
PS Or even an app that sends a garbage routine command/request to the NSA compromised servers, you know, the gift that KEEPS ON GIVING.
Re: (Score:1)
Maybe someone will code an app that gives false info to the NSA when polled at regular intervals. Or perhaps gives so much info that it b0rks the NSA spy grid with useless garbage info. :)
PS Or even an app that sends a garbage routine command/request to the NSA compromised servers, you know, the gift that KEEPS ON GIVING.
PPS Or an app that sends a constant command/request to defrag the NSA compromised servers, or run (chkdsk C: /x /scan /f /v /sdcleanup /perf).