Tuesday, January 28, 2014

Spying on you? There's an app for that: NSA Used 'Angry Birds' to Spy on Users



This photo provided by The Guardian Newspaper in London shows Edward Snowden, who worked as a contract employee at the National Security Agency, on Sunday, June 9, 2013, in Hong Kong. Documents leaked by Snowden suggest that spy agencies have a powerful ally in the apps installed on smartphones across the globe. (AP Photo/The Guardian)

LONDON • Documents leaked by former NSA contractor Edward Snowden suggest that spy agencies have a powerful ally in the apps installed on smartphones across the globe.
The documents, published by The New York Times, the Guardian, and ProPublica, suggest that the mapping, gaming, and social networking apps which are a common feature of the world's estimated 1 billion smartphones can feed America's National Security Agency and Britain's GCHQ with huge amounts of personal data, including location information and details such as political affiliation or sexual orientation.
The size and scope of the program aren't publicly known, but the reports suggest that U.S. and British intelligence easily get routine access to data generated by apps such as the Angry Birds game franchise or the Google Maps navigation service.
The joint spying program "effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system," one 2008 document from the British eavesdropping agency is quoted as saying. Another document — a hand-drawn picture of a smirking fairy conjuring up a tottering pile of papers over a table marked "LEAVE TRAFFIC HERE" — suggests that gathering the data doesn't take much effort.
The NSA did not directly comment on the reports but said in a statement Monday that the communications of those who were not "valid foreign intelligence targets" were not of interest to the spy agency.
"Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true," the statement said. "We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes — regardless of the technical means used by the targets."
GCHQ said it did not comment on intelligence matters, but insisted that all of its activity was "authorized, necessary and proportionate."
Intelligence agencies' interest in mobile phones and the networks they run on has been documented in several of Snowden's previous disclosures, but the focus on apps shows how everyday, innocuous-looking pieces of software can be turned into instruments of espionage.
Angry Birds, an addictive birds-versus-pigs game which has been downloaded more than 1.7 billion times worldwide, was one of the most eye-catching examples. The Times and ProPublica said a 2012 British intelligence report laid out how to extract Angry Birds users' information from phones running the Android operating system.
Another document, a 14-page-long NSA slideshow published to the Web, listed a host of other mobile apps, including those made by social networking giant Facebook, photo sharing site Flickr, and the film-oriented Flixster.
It wasn't clear precisely what information can be extracted from which apps, but one of the slides gave the example of a user who uploaded a photo using a social media app. Under the words, "Golden Nugget!" it said that the data generated by the app could be examined to determine a phone's settings, where it connected to, which websites it had visited, which documents it had downloaded, and who its users' friends were. One of the documents said that apps could even be mined for information about users' political alignment or sexual orientation.
Google Inc. and Rovio Entertainment Ltd., the maker of Angry Birds, did not immediately return messages seeking comment on the reports.
Michael Liedtke in San Francisco contributed to this report.

According to a source knowledgeable about the agency’s operations, the NSA does analysis of social media similar to that in the GCHQ demonstration.
National security experts say that both the U.S. and British operations are within the scope of their respective national laws. When the Washington Post reported on the MUSCULAR program, the NSA said in a statement that it is “focused on discovering and developing intelligence about valid foreign intelligence targets only” and that it uses “Attorney General-approved processes to protect the privacy of U.S. persons.”
But privacy experts and former government officials say the lack of disclosure by the intelligence agencies inspires public fear that rights of privacy, free speech and dissent have been infringed.
“Governments have no business knowing which YouTube videos everyone in the world is watching,” said Chris Soghoian, chief technologist for the ACLU. “It’s one thing to spy on a particular person who has done something to warrant a government investigation but governments have no business monitoring the Facebook likes or YouTube views of hundreds of millions of people.”
It might also have a chilling effect on companies like Google. Jason Healey, former White House cyber czar under George W. Bush, says U.S. and British intelligence encroachment on the internet is a threat to everyone, including social media companies.
According to the documents obtained by NBC News, intelligence officers from GCHQ gave a demonstration in August 2012 that spelled out to their U.S. colleagues how the agency’s “Squeaky Dolphin” program could collect, analyze and utilize YouTube, Facebook and Blogger data in specific situations in real time.
The demonstration showed that by using tools including a version of commercially available analytic software called Splunk, GCHQ could extract information from the torrent of electronic data that moves across fiber optic cable and display it graphically on a computer dashboard. The presentation showed that analysts could determine which videos were popular among residents of specific cities, but did not provide information on individual social media users.
The presenters gave an example of their real-time monitoring capability, showing the Americans how they pulled trend information from YouTube, Facebook and blog posts on Feb. 13, 2012, in advance of an anti-government protest in Bahrain the following day.
More than a year prior to the demonstration, in a 2012 annual report, members of Parliament had complained that the U.K.’s intelligence agencies had missed the warning signs of the uprisings that became the Arab Spring of 2011, and had expressed the wish to improve “global” intelligence collection.
During the presentation, according to a note on the documents, the presenters noted for their audience that “Squeaky Dolphin” was not intended for spying on specific people and their internet behavior. The note reads, “Not interested in individuals just broad trends!”
But cyber-security experts told NBC News that once the information has been collected, intelligence agencies have the ability to extract some user information as well. In 2010, according to other Snowden documents obtained by NBC News, GCHQ exploited unencrypted data from Twitter to identify specific users around the world and target them with propaganda.
The experts also said that the only way that GCHQ would be able to do real-time analysis of trends would be to tap the cables directly and store the data or use a third party, like a private company, to extract and collect the raw data. As much as 11 percent of global internet bandwidth travels through U.K. internet exchanges, according to Bill Woodcock, president of PCH, a non-profit internet organization that tracks and measures and documents fiber infrastructure around the world.
In the case of the YouTube video information, the surveillance of the unencrypted material was done not only without the knowledge of the public but without the knowledge or permission of Google, the U.S. company that owns the video sharing service.
“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links,” said a Google spokesperson. “We do not provide any government, including the UK government, with access to our systems. These allegations underscore the urgent need for reform of government surveillance practices.”
A source close to Google added that Google was “shocked” because the company had pushed back against British legislation that would have required Google to store its metadata and other information for U.K. government use. The legislation, introduced by Home Secretary Theresa May in 2012, was publicly repudiated by Deputy Prime Minister Nick Clegg in 2013 and has never become law. May hopes to reintroduce a modified version this spring.
“It’s extremely surprising,” said the source, “that while they were pushing for the data via the law, they might have simultaneously been using their capability to grab it anyway.”
Encryption would prevent simple collection of the data by an outside entity like the government. Google has not yet encrypted YouTube or Blogger. Facebook and Twitter have now fully encrypted all their data.
Facebook confirmed to NBC News that while its “like” data was unencrypted, the company never gave it to the U.K. government and was unaware that GCHQ might have been siphoning the data. The company assumes the data was taken somewhere outside its networks and data centers.
“Network security is an important part of the way we protect user information,” said Facebook spokesman Jay Nancarrow, “which is why we finished moving our site traffic to HTTPS by default last year, implemented Perfect Forward Secrecy, and continue to strengthen all aspects of our network.”
GCHQ would not confirm or deny the existence of the Squeaky Dolphin program or anything else connected with this report. The agency declined to answer questions about the scope of its data collection or how it accessed the datastream.
In a statement, a GCHQ spokesperson emphasized that the agency operated within the law.
“All of GCHQ's work is carried out in accordance with a strict legal and policy framework,” said the statement, “which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.”
A spokesperson for the NSA said in a statement that the U.S. agency is not interested in “the communications of people who are not valid foreign intelligence targets.”
“Any implication that NSA's foreign intelligence collection is focused on the social media communications of everyday Americans is not true,” said the statement. “We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets. Because some data of U.S. persons may at times be incidentally collected in NSA’s lawful foreign intelligence mission, privacy protections for U.S. persons exist across the entire process concerning the use, handling, retention, and dissemination of data.” The spokesperson also said that working with foreign intelligence services “strengthens the national security of both nations,” but that NSA can’t “use those relationships to circumvent U.S. legal restrictions.”
Both U.S. and British officials assert that while their passive collection of electronic communications might have great breadth, the actual use of the data collected is very targeted, and is dictated by specific missions. Sources familiar with GCHQ operations state firmly that this is the case in each of the agency’s operations.
Journalist Glenn Greenwald was formerly a columnist at Salon and the Guardian. In late 2012 he was contacted by NSA contractor Edward Snowden, who later provided him with thousands of sensitive documents, and he was the first to report on Snowden’s documents in June 2013 while on the staff of the Guardian. Greenwald has since reported on the documents with multiple media outlets around the world, and has won several journalism awards for his NSA reporting both in the U.S. and abroad. He is now helping launch, and will write for, a new, non-profit media outlet known as First Look Media that will “encourage, support and empower … independent, adversarial journalists.”
