New Zealand and its spying partners exploited weaknesses in one of the world's most popular mobile browsers and planned to hack into smartphones, according to top secret documents leaked this week.
The Five Eyes partners are accused of targeting links to Google and Samsung app stores in a project civil liberties activists have denounced.
The spy agencies deliberately sought security vulnerabilities, but failed to inform companies or the public, leaving the private data of millions of people at risk, civil liberties group OpenMedia said today.
The leaked Top Secret document was posted on the Canadian CBC News site, in conjunction with The Intercept, after whistleblower and fugitive Edward Snowden acquired it.
Apart from discussing how to propagate surveillance software, the newly-revealed document also described efforts to place messages and other communications data on smartphones.
"The group wanted to send selective misinformation to the targets' handsets to, among other things, confuse adversarial intelligence agencies," the Slate website said.
"The document even describes efforts to access Samsung and Google's app stores as a way of collecting information on the companies' customers," Slate added.
"Agents working on the covert initiative were part of the so-called Network Tradecraft Advancement Team, and they came from the Five Eyes surveillance collaboration of Canada, the United Kingdom, New Zealand, Australia, and the United States," Slate's Future Tense blog said after viewing the leak.
The 52-page document included details of the vuvuzela-inspired Operation Irritant Horn.
"The idea behind the Irritant Horn project is very simple," security analyst and self-styled ethical hacker Pierluigi Paganini wrote on the Security Affairs blog.
"...Cyber spies wanted to serve spyware on mobile devices running man-in-the-middle attacks to inject malicious data transmitting between the App store servers and the end-user mobile device. The malware implanted with this technique allows the intelligence agencies to control user's devices and exfiltrate data from it."
All of this is being done in the name of providing safety and yet...Canadians or people around the world are put at risk," University of Ottawa internet law expert Michael Geist told CBC.
By John Weekes
