NSA Uses Angry Birds, Candy Crush to Spy on Americans
January 28, 2014 1:00 PM
Browser cookies, mobile apps do the NSA's data mining work for it
The words are ignored by most of us:
This application has access to the following...
...but to everyone's favorite spy agency, the
U.S. National Security Agency
permissive features and the data they mine
can represent a "Golden Nugget!" of information, according to a 2010 agency slide deck.
I. All Your Metadata Are Belong to U.S.
It's already well known that the NSA is
spying on Americans, ally states, and everyone else
intercepting internet communications from both PCs and mobile devices
, plus telephony metadata. Sometimes this spying is hard work, but it turns out these agencies are also greedily eye the metadata mined by mobile applications, as a quick and dirty route to spying on the public.
Data mining apps are likely sharing your personal information with the NSA for deep storage.
[Image Source: NProtect]
Potential privacy concerns
about companies like Google Inc. (
) and Facebook, Inc. (
), as well as top mobile/social gaming firms like
Facebook app-maker Zynga
Angry Birds developer
Rovio Entertainment Ltd., have been raised in the past. Users have mostly ignored such warnings, though, so mobile providers have been able to
quietly amass hordes of data
which they use to target advertisements at customers.
Rovio admitted in 2012 to collecting certain private information to monetize its apps, but says that it does not "knowingly" collect app data for users under 13.
What your app knows about you might surprise you. [Image Source: The New York Times]
Rovio and others harvest user details via the help of third party toolkits, which contain plug-and-go codes to monitor user behavior. The information gathered can help third party ad partners -- or direct ad distributors like Google, Apple, Inc. (
), and Facebook --
guess what ads might work on you
. And smart advertising can mean big profits.
NSA Guide to Spying on Americans, Foreigners via Smartphone apps
When it comes to cellular networks, app developers typically feel less need to obfuscate data as there's often the false assumption that interception is prohibitively expensive/complex. This misconception has even been seen at times in the security analysis space.
Many security experts worry about the wealth of app-mined plaintext (unecrypted) cellular data traveling about, but most discussion has focused on the endpoints -- where the data is being stored.
The NSA taps data at the cable level. [Image Source: Unknown (left); AFP (right)]
That's because no one expected hackers to be
tapping into the fiber optic backbone
of the internet -- an incredibly complex and time-consuming process. But that's
exactly what the NSA has been revealed to be doing
. And unlike app makers and OS platform makers, who at most have access to data of a substantial chunk of consumers, a spy agency tapping the backbone has the ability to basically achieve
total data dominance
. U.S. and UK spy agencies can literally see everyone's data, regardless of what platform you're on.
II. Profiling Your Private Life
According to an accompanying deck by the NSA's UK sister agency, the
Government Communications Headquarters
(GCHQ), for an app like Angry Birds, that includes:
unique handset ID number
operating system version
intimate personal details
Burstly Software's Dev Kit, used to monetize Angry Birds, can profile your marital status and sexual behavior. [Image Source: Propublica]
The New York Times
-- who along with
received leaked documents originally leaked by Edward Joseph Snowden -- reports:
The streams are divided into “traditional telephony” — metadata — and others marked “social apps,” “geo apps,” “http linking,” webmail, MMS and traffic associated with mobile ads, among others. (MMS refers to the mobile system for sending pictures and other multimedia, and http is the protocol for linking to websites.)
The basic handset information provided by an app like Angry Birds could help the government attack your device with malware for deeper monitoring. One GCHQ slide suggests:
GCHQ's targeted tools against individual smartphones are named after characters in the TV series The Smurfs. An ability to make the phone's microphone 'hot', to listen in to conversations, is named "Nosey Smurf". High-precision geolocation is called "Tracker Smurf", power management – an ability to stealthily activate an a phone that is apparently turned off – is "Dreamy Smurf", while the spyware's self-hiding capabilities are codenamed "Paranoid Smurf".
GCHQ Guide to Smartphone Spying
Cookies and other micro-software
can also be employed for similar data-mining gains, when you browse on your PC. Ironically the UK has
one of the world's strictest laws regulating third-party cookies
, the local spy agency is reportedly spying on citizens via its own distributed cookies and the intercepted results of those third-party cookies.
A UK slide states, "[Cookie information] [is]
gathered in bulk, and [is] currently our single largest type of events
Cookies are a top data source for the NSA and GCHQ. [Image Source: Magdex USA]
Past NSA slides indicate that the NSA is
attacking Americans via artificial intelligence queries
. Type something the NSA finds suspicious? It can start installing malware on your machine. The agency cleverly claims it's not targeting Americans as many of these attacks are fully automated and require no human intervention. Thus the government
uses criminal tactics
to attack your data, but says that's okay because no physical humans were involved.
III. Personal Information: Ammo for Blackmail, Suppression
According to the GCHQ deck, potential information that could be mined from various apps also includes:
sexual behavior (e.g. whether you're a "swinger")
The NSA and GCHQ know what you're doing between the sheets. [Image Source: Scanpix]
The NSA and GCHQ call this a "perfect scenario" for their goal of spying on everyone. A slide reads, "Target uploading photo to a social media site taken with a mobile device. What can we get?"
An NSA cartoon depicts apps as a magical fairy that gives the spy agency your data.
The answer appears to be everything from user uploaded photos, to intimate details of users life, to users work information. But the question is how much information the NSA and GCHQ were really intercepting from mobile apps. Recall that past documents and testimony indicated that these capabilities not only exist, they were being used to spy on most Americans -- around
75 percent of data transfers
in the case of internet traffic and roughly
99 percent of data transfers in the case of telephone calls
With mobile apps, the GCHQ gleefully cheers, "[This] effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."
The NSA is spying on Google Maps queries to track Americans.
The seizure of image texts (MMS) and information on citizen's private lives is especially alarming
, as the NSA's and GCHQ's have the potential to try to use the personal foibles of politicians (affairs, sexual orientation, etc.) to blackmail them into supporting increased domestic spying and a transfer of power to the intelligence community.
The NSA has already essentially
admitted to spying on Congress
, telling them they get "the same privacy protections" as normal Americans. How do you get away with such tactics? You could claim you only saw that data via "an accident" -- the blanket excuse the NSA uses for its analysts who
break the law thousands of times a year
IV. What Does the NSA Say?
An NSA official similarly indicated that it was likely mass harvesting senstive data from Americans and citizens of other nations. They commented to
The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency. Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true. Moreover, NSA does not profile everyday Americans as it carries out its foreign intelligence mission.
communications that we are authorized by law to collect
for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets.
data of US persons may
be incidentally collected
in NSA's lawful foreign intelligence mission, privacy protections for US persons exist across the entire process concerning the use, handling, retention, and dissemination of data. In addition, NSA actively works to remove extraneous data, to include that of innocent foreign citizens, as early as possible in the process.
Continuous and selective publication of specific techniques and tools lawfully used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies – and places at risk those we are sworn to protect.
The NSA implies it seizes corporate mined data to spy on Americans. [Image Source: NYPost]
Likewise the GCHQ spoksperson comments:
It is a longstanding policy that we do not comment on intelligence matters.
Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework that ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position.
Britain's GCHQ headquarters. [Image Source: Duncan Campbell]
Government pressure in the European Union and U.S.
has forced companies like Google and Microsoft Corp. (
) to limit their data storage to several months at most. But the NSA stores data from U.S. citizens and foreigners for at least 15 years.
V. Der Wille Zur Macht
One major concern is that these massive data troves could be targets for malicious hackers -- a similar concern as what is voiced about internet advertising/data-mining firms, only on a far greater scale given the government's ability to harvest everyone's data.
Other concerns include the potential for political suppression, military-intelligence coups, individual abuses (e.g. people stalking their exes), and corporate espionage.
The NSA could use its data to silence political opposition in Congress.
U.S. government audits confirmed some of these abuses occurred. While full-blown political suppression may not have been used, President George Walker Bush (R) used his power to monitor pro-peace groups like the Quakers, while President Obama used his authority to
spy on anti-corporate groups like Occupy Wall Stree
t, according to various documents. Other documents also indicate that analysts "occasionally"
used software to stalk their current or former lovers
, a practice that's frequent enough to have earned a nickname -- "LOVEINT" -- within the intelligence community.
The programs are also costly. According to Canadian intelligence officials, the NSA spent an estimated that in 2007 the budget for app spying quadrupled from $204M USD to $767M USD. Spending today is thought to be in the billions of dollars yearly.
It's easy to understand why the NSA and GCHQ would be keen on seizing this data; platform providers and app developers have already done the hard work of collecting and performing early characterization on user characteristics. The spy agencies can swoop in and seize the fruits of their labor.
Still, the question of why exactly the NSA and GCHQ are spending so much remains to be asked.
The NSA admittedly spent hundreds of billions to spy on Americans, and it admits it only contributed to the investigations of "possibly" one or two terror plots at most.
The NSA is committed to illegal surveillance of Americans. [Image Source: Whoviating]
Just how woefully incompetent are these tools at identifying terrorists? Well, according to a 2009 test by the NSA and GCHQ, using a small, randomly selected sliver of the NSA's database and 120 computers, the profiling scripts identified 8,615,650 "actors" -- potential national security threats. When the two agencies added in a small section of the GCHQ data set, that number ballooned to 24,760,289 actors.
The agency essentially admit that in both cases millions of law-abiding Americans were identified making the tools basically useless for national security. Or in their words:
"Not necessarily straightforward"
"Analysts [are] dealing with immaturity"
While its tools endanger national security and are virtually useless for spying on terrorists, they offer ample opportunity for political and financial power grabs. [Image Source: PolicyMic]
If the NSA applied its full database -- necessary to truly track down terrorists -- it's not difficult to imagine the results returned might include one million individuals. Even if you filtered such results, this demonstrates definitively how this technology is currently useless to improve national security.
At the same time it actively endangers national security in other ways, and endangers citizen freedoms.
To summarize such tools endanger the public, but offer the potential to subvert free elections and the free market. Sounds like something worth spending billions on right?
U.S. and British taxpayers pay twice -- first in taxes, second in lost business due to the untrustworthiness of their governments. [Image Source: Unknown]
Well, that's what the bloated national governments of the U.S. and its former imperial master, Britain, seem to think.
The New York Times
“We do believe we have a moral responsibility to keep porn off the iPhone.” -- Steve Jobs
NSA Refuses to Answer to Congress
January 6, 2014, 3:00 AM
Tax and Spy: How the NSA Can Hack Any American, Stores Data 15 Years
December 31, 2013, 12:36 PM
Report: NSA Intercepts PC Deliveries, Pays Cybercriminals to Spy on Americans
December 30, 2013, 3:46 PM
Federal Judges Divided on Whether Mass-Spying Violates 4th Amendment
December 27, 2013, 12:53 PM
NSA Snares Americans' Porn Viewing Histories in Effort to Target Muslims
December 1, 2013, 9:00 PM
Google plans ultra-fast wireless Internet for Research Triangle Park, N.C.
August 12, 2016, 6:30 AM
Twitter Senior VP: "Diversity is Important, But We Can’t Lower the Bar"
November 9, 2015, 9:59 AM
CNN Resorts to Internet Censorship to Promote Clinton Over Senator Sanders
October 15, 2015, 2:47 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Quick Note: Amazon UK Offers £10 Back on Any Order £50 or Over
August 3, 2015, 12:05 PM
Editorial: Reddit Allows Itself to be Hijacked as a Hate Platform For Racist Bigots
July 21, 2015, 6:32 PM
Most Popular Articles
Problems with Windows 10 – Update Now
October 15, 2016, 7:30 AM
Is Razer Blade Stealth Laptop For You?
October 16, 2016, 5:00 AM
Bluetooth Saves Lives
October 16, 2016, 7:05 AM
Innovative Neurotechnology in Sound Therapy Reduces High Blood Pressure and Migraines
October 16, 2016, 5:00 AM
Car Insurance - The Hidden Discriminatory Practise
October 18, 2016, 5:00 AM
Latest Blog Posts
Tips to Prevent Smartphones From Overheating:
Oct 22, 2016, 5:00 AM
Nasa Flies Drones at Nevada Airport
Oct 21, 2016, 8:21 AM
T-Mobile Data Problems
Oct 20, 2016, 10:17 AM
Annoying Apple Watch Problems and How to Fix Them
Oct 20, 2016, 5:00 AM
Your Mail May Soon Be Delivered By Robot
Oct 19, 2016, 9:34 AM
2018 Jeep Wrangler Prototype Sells At Junkyard
Oct 18, 2016, 5:00 AM
Samsung Shines with Gold Edition Tablet
Oct 17, 2016, 9:24 AM
Tesla Hints Mysterious Product Debut for October 17th
Oct 16, 2016, 10:14 AM
Samsung Galaxy Note 7 Phones on US flights
Oct 15, 2016, 5:00 AM
Comcast Fined $2.3 Million For Unconfirmed Services Charged To Customers
Oct 14, 2016, 5:00 AM
“American singer / songwriter “Bob Dylan is awarded 2016 Nobel Prize in Literature.
Oct 13, 2016, 10:33 AM
Battery Defect in Medical Device
Oct 12, 2016, 5:00 AM
IBM Bolsters Social Services Sector With Technology Grants
Oct 11, 2016, 5:00 AM
Scientists Sound Alarm on Climate but US Still Toys With Skepticism
Oct 10, 2016, 5:00 AM
IMEX America Trade Show
Oct 9, 2016, 10:00 AM
Phone Wars – Google VS Samsung Free Gifts on Purchase
Oct 6, 2016, 5:00 AM
Member of Parliament’s opposition car exploded in Tbilist capital of Georgia
Oct 5, 2016, 2:52 PM
US Government Cuts Cord On Internet Oversight
Oct 3, 2016, 10:34 AM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information