Australia's electronic espionage agency has exploited weaknesses in a mobile browser used by hundreds of millions worldwide and planned to hack into smartphones through data links to the Google and Samsung app stores, a leaked top secret intelligence document has revealed.
The Australian Signals Directorate (ASD) and its "Five Eyes" signals intelligence partners in the United States, Britain, Canada and New Zealand have been engaged in close collaboration to target the UC Browser, an app used by more than 500 million people, mainly in China and India and across south-east Asia, the Middle East, Africa and Russia.
A 2012 United States National Security Agency (NSA) document, leaked by former intelligence contractor Edward Snowden and published by The Intercept website and the Canadian Broadcasting Corporation, shows that the ASD has played a leading role in efforts to exploit the UC Browser after it was secretly discovered to be leaking details about its users through data connections to app marketplace servers operated by Samsung and Google.
The top secret project was pursued by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes signals intelligence experts from the ASD, NSA, Britain's Government Communications Headquarters (GCHQ), Canada's Communications Security Establishment (CSE) and New Zealand's Government Communications Security Bureau (GCSB).
The leaked document shows the ASD hosted a top secret workshop in November 2011 with GCHQ and CSE representatives in Canberra and virtual participation from NSA and GCSB via a secure chat room. This was followed by a second workshop hosted by the CSE in Ottawa in February 2012, which included direct representation by all Five Eyes signals intelligence agencies and aimed to "build on the work started" at ASD.
The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The Five Eyes agencies used the internet spying system to identify smartphone traffic flowing across internet links and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. The popular UC Browser, owned by the Chinese tech giant Alibaba Group, emerged as a particular point of weakness. It is the world's most popular mobile browser behind those pre-installed on smartphones.
Outcomes from the ASD-hosted workshop included development of techniques "to identify [a] wide variety of potential converged data" including "specific components of raw HTTP data activity that alludes to the browsing, downloading and installation of mobile phone applications".
ASD employed an analytic program codenamed "Fretting Yeti" and the project was trialled under the codename "Crafty Shack".
As part of a further "tradecraft and analytics" trial codenamed "Irritant Horn", the Five Eyes agencies trialled mass surveillance techniques in anticipation of the possibility of "another Arab Spring" in the Middle East. Signals intelligence analysts also found an intelligence adversary was using the UC Browser app in covert communications relating to its operations in Western countries. They trumpeted this intelligence success as providing an "opportunity where potentially none may have existed before".
Significantly, the newly published document shows the ASD and its partners wanted to "exploit" the Google and Samsung app stores for "harvesting" information about phone users and as launching pads to infect phones with spyware.
Previous disclosures from documents leaked by Snowden have shown Five Eyes agencies have designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and harvest emails, texts, web history, call records, videos, photos and other information stored on them. They have also been keen to find ways to send selective misinformation to targets' handsets as part of so-called "effects" operations that are used to spread propaganda or confuse adversaries. However, the methods used by the agencies to get the spyware on to phones have remained unclear.
Previous disclosures from documents obtained from Snowden have shown that the ASD has targeted Indonesia's largest mobile phone network as well as the telecommunications systems of other south-east Asian nations, China, and Australia's small Pacific Island neighbours.
Another 2012 NSA document published last year revealed that the ASD obtained nearly 1.8 million encrypted master keys, which are used to protect private communications, from the Telkomsel network, and developed a way to decrypt almost all of them.
The Australian government has repeatedly refused to comment on specific disclosures from the papers leaked by Snowden, and the ASD has declined to comment in relation to the latest revelations.
Last year Prime Minister Tony Abbott insisted that Australia would not use intelligence "to the detriment of other countries".