#CyberFLASH: Spy agencies target mobile phones, app stores to implant spyware

pdphonejpg-jpg-size-xxlarge-letterboxCanada and its spying partners exploited weaknesses in one of the world’s most popular mobile browsers and planned to hack into smartphones via links to Google and Samsung app stores, a top secret document obtained by CBC News shows.

Electronic intelligence agencies began targeting UC Browser — a massively popular app in China and India with growing use in North America — in late 2011 after discovering it leaked revealing details about its half-billion users.

Their goal, in tapping into UC Browser and also looking for larger app store vulnerabilities, was to collect data on suspected terrorists and other intelligence targets — and, in some cases, implant spyware on targeted smartphones.

The 2012 document shows that the surveillance agencies exploited the weaknesses in certain mobile apps in pursuit of their national security interests, but it appears they didn’t alert the companies or the public to these weaknesses. That potentially put millions of users in danger of their data being accessed by other governments’ agencies, hackers or criminals.

“All of this is being done in the name of providing safety and yet … Canadians or people around the world are put at risk,” says the University of Ottawa’s Michael Geist, one of Canada’s foremost experts on internet law.

CBC News analysed the top secret document in collaboration with U.S. news site The Intercept, a website that is devoted in part to reporting on the classified documents leaked by U.S. whistleblower Edward Snowden.

Read more here

#CyberFLASH: How to Tackle Canada’s Privacy Deficit

n-ONLINE-PRIVACY-largeSix months ago, we argued that Canadians face a stark privacy deficit. A perfect storm of spy agency surveillance, privacy-undermining legislation, and lax privacy safeguards at government departments sparked concern from citizens right across the political spectrum.

Since then, sadly, the situation has further deteriorated. The government’s surveillance bill C-13 became law. The Supreme Court ruled that police don’t require a warrant to search the cell phones of people they arrest. The private tax information of hundreds of Canadians was leaked to the CBC. And the government is building a powerful new system to collect and analyze what Canadians are saying on Facebook.

All this within just the past few months. And just last week we learned that the government’s spy agency CSEC is spying on our private online activities on a massive scale. Documents from whistleblower Edward Snowden revealed that a CSEC program called LEVITATION systematically collects and analyzes 10-15 million downloads from popular file hosting websites each and every day. And, despite repeated government assurances to the contrary, Canadian Internet addresses were among the targets.

As constitutional lawyer Glenn Greenwald told the CBC, this marked the first official confirmation that Canada is engaged in the type of indiscriminate mass surveillance people have come to associate with the U.S. NSA. Anyone can be a victim — if you’ve used any of over a hundred popular file hosting websites in the past three years, chances are you’ve had your online activity collected and analyzed by CSEC, acting without a warrant and with no independent oversight.

Read more here

#CyberFLASH: CBC, NHL among sites targeted by Syrian Electronic Army hackers

data-security-featured-webTORONTO – A group of politically motivated hackers operating under the name the Syrian Electronic Army briefly defaced the websites of the CBC, the NHL and a number of other prominent news outlets on Thursday.

At around 8:30 a.m. ET, the group posted an image to its Twitter account suggesting that it had hacked the technology company Gigya, which sells social media log-in technology that companies can integrate into their websites.

“Happy thanks giving, hope you didn’t miss us! The press: Please don’t pretend #ISIS are civilians,” tweeted the group, which supports Syrian President Bashar al-Assad.

Some visitors to CBCNews.ca and other websites saw a pop-up message that said, “You’ve been hacked by the Syrian Electronic Army.”

Shortly after 9 a.m. ET, CBC tweeted that the security issue had been addressed.

“The hack resulting in a pop-up on our site has been fixed. You may still see the pop-up as the fix takes time to propagate through DNS,” the CBC wrote.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.