The U.S. National Security Agency and its allies planned to send infected links to the Google and Samsung mobile app stores in an attempt to monitor smartphones, according to documents made public by former NSA contractor Edward Snowden and published by CBC and the Intercept. The pilot project, known as Irritant Horn, would have made it possible for spies from the U.S., Canada, United Kingdom, New Zealand and Australia to spy on devices around the world without an owners' knowledge.
Intelligence officials from each country, which make up the so-called Five Eyes alliance, congregated at multiple workshops between November 2011 and February 2012 in Australia and Canada. There, the documents show, they discussed new ways to exploit app store security vulnerabilities to spy on suspected terrorists and other high value intelligence targets. Yet they don't appear to have informed Google or Samsung about issues in their stores, putting millions of people around the world at risk of being caught in the Five Eyes dragnet.
“What they are clearly looking for are common points, points where thousands, millions of Internet users actively engage in, knowing that if they can find ways to exploit those servers, they will be privy to huge amount of data about people's Internet use, and perhaps use bits and pieces of that to make correlation,” the University of Ottawa's Michael Geist, a Canadian expert on Internet law, told CBC News. “All of this is being down in the name of providing safety and yet...Canadians or people around the world are put at risk.”
None of the intelligence agencies contacted by the Intercept or CBC News would provide clarification on the specifics of the program.
This disclosure comes after a U.S. Department of Justice memo revealed that the NSA is shutting down the bulk collection of telephone metadata before the legal justification for that program expires on June 1.