The National Security Agency, working with international surveillance bodies, developed plans to infiltrate popular online app stores so it could covertly install malware on scores of smartphones. This revelation comes from a document obtained by Edward Snowden and parsed by CBC News and the Intercept.
The slide presentation lays out a plan, developed in 2011 and 2012, to track the movement of data on the physical infrastructure of the Internet by determining how and where smartphones connected to the Google and Samsung app stores. The group wanted to use this information to position itself to launch man-in-the-middle attacks (in which the operative lies in wait on the path that data take between an origin server and a receiver). The idea was that as Samsung and Google users downloaded apps, they would also be downloading surveillance malware without knowing it. The program was dubbed "IRRITANT HORN."
Agents working on the covert initiative were part of the so-called Network Tradecraft Advancement Team, and they came from the “Five Eyes” surveillance collaboration of Canada, the United Kingdom, New Zealand, Australia, and the United States. As the Intercept points out, other documents have indicated that the “Five Eyes” developed surveillance malware for broad distribution, but it wasn't clear how the alliance had planned to spread it.
In addition to discussing the propagation of surveillance software, the new document describes efforts to place messages and other communications data on smartphones. The group wanted to send “selective misinformation to the targets’ handsets” to, among other things, confuse adversarial intelligence agencies. The document even describes efforts to access Samsung and Google's app stores as a way of collecting information on the companies' customers.
The efforts seem to have been targeted at preventing “another Arab Spring” by having access to consumers' smartphones, knowing their habits, and being able to spread messages. The slide show describes one of the team's goals as collecting “usable knowledge about how to acquire intelligence FROM the network.”