BDforever
ELITE MEMBER
- Joined
- Feb 12, 2013
- Messages
- 14,387
- Reaction score
- 8
- Country
- Location
Spies exploit apps for user data
The US's National Security Agency (NSA) and UK’s Government Communications Headquarters (GCHQ) have been developing capabilities to gather information through ‘leaky’ apps such as Angry Birds game.
The Guardian in a report cited top secret documents, saying the spy agencies are now focusing on smartphone apps that transmit users' private information across the internet.
The data that pours onto communication networks from the new generation of iPhone and Android apps include phone model, screen size and even personal details such as age, gender and location.
The documents state that the apps can even share information such as sexual orientation. An app recorded in the spy documents even sends information on specific sexual preferences such as whether or not the user may be a swinger, reads the Guardian report.
Whistleblower Edward Snowden had shared with the Guardian dozens of classified documents which details efforts by NSA and GCHQ to use this commercial data collection for their own purposes.
Besides the existing mass surveillance tools at their disposal– such as cable taps, or international mobile networks –scooping up information from apps allows the agencies to collect large quantities of mobile phone data.
The intelligence agencies view exploitation of phone information as high-priority because terrorists and other intelligence targets make substantial use of phones in planning and carrying out activities.
Phones for example are used as triggering devices in zones of conflict. The NSA has cumulatively spent more than $1bn in its phone targeting efforts.
The classified documents show how turning their attention towards smartphone for data collection could benefit spy agencies.
A top-secret NSA presentation slide on getting data from smartphones from May 2010 describes how a ‘perfect scenario’ is reached when an intelligence target uploads a photo from their phone in a social media. The US spies from that action can obtain a "possible image", email selector, phone, buddy lists, and "a host of other social working data as well as location".
Data such as location is briefly available for collection as it travels across the networks even though most major social media sites, such as Facebook and Twitter, strips photos of identifying location metadata (known as EXIF data) before publishing them.
The agencies would be able to collect almost every key detail of a user's life depending on what is provided into a profile, says the secret documents.
This includes home country, current location (through geolocation), age, gender, zip code, marital status – options included "single", "married", "divorced", "swinger" and more – income, ethnicity, sexual orientation, education level, and number of children.
Spy agencies also use Google map queries to collect large volumes of location information. This is done to such an extent that a 2008 document noted that "t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."
Another basic effort by GCHQ and the NSA was to collect locations just by taking tower ID from a handset for which a database was developed for geolocating every mobile phone mast in the world.
The developers of apps or the company that delivers its adverts decide how much data the apps can collect.
President Barack Obama in a recent speech stated that NSA procedures maybe subject to reform. But he was focusing on the agencies collection of the metadata from US phone calls and made no mention in his address of the large amounts of data the agency collects from smartphone apps, which falls under the same laws and minimisation procedures as all other NSA activities.
The latest findings will add more concern to smartphone users outside US who enjoy fewer privacy protections.
The classified documents do not say how much of the information that can be taken from apps is routinely collected, stored or searched, nor how many users may be affected.
The NSA says its capabilities are pitted against "valid foreign intelligence targets" and does not against US citizens.
It said the NSA tries to remove irrelevant data, to include that of innocent foreign citizens, as early as possible in the process.
Classified documents include an internal guide for GCHQ staff which details what can be collected from different apps.
Using Android apps for most of its examples GCHQ writes - anything stored in an Android or an iPhone can be collected through apps.
Using perhaps the most popular mobile phone game of all time, Angry Birds –reportedly downloaded more than 1.7bn times –the GCHQ documents lists the information that can be collected.
Rovio, the maker of Angry Birds, said it had no knowledge of any NSA or GCHQ programmes looking to extract data from its apps users.
"Rovio doesn't have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks," said Saara Bergström, Rovio's VP of marketing and communications. "Nor do we have any involvement with the organizations you mentioned [NSA and GCHQ]."
Some apps choose to transmit much more data than others meaning the agency could potentially net far more.
Another GCHQ slide details weak spots in where data flows from mobile phone network providers to the wider internet, where the agency attempts to intercept communications.
These are locations either within a particular network, or international roaming exchanges (known as GRXs), where data from travellers roaming outside their home country is routed.
These are particularly useful to the agency as data is often only weakly encrypted on such networks, and includes extra information such as handset ID or mobile number – much stronger target identifiers than usual IP addresses or similar information left behind when PCs and laptops browse the internet.
"The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency," said a spokeswoman in a statement.
“We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets.
"Continuous and selective publication of specific techniques and tools lawfully used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies – and places at risk those we are sworn to protect."
The NSA declined to respond to a series of queries on how routinely capabilities against apps were deployed, or on the specific minimisation procedures used to prevent US citizens' information being stored through such measures.
GCHQ declined to comment on any of its specific programmes, but stressed all of its activities were proportional and complied with UK law.
"It is a longstanding policy that we do not comment on intelligence matters," said a spokesman.
"Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework that ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position."
source: Spies exploit apps for user data -
bdnews24.com
The US's National Security Agency (NSA) and UK’s Government Communications Headquarters (GCHQ) have been developing capabilities to gather information through ‘leaky’ apps such as Angry Birds game.
The Guardian in a report cited top secret documents, saying the spy agencies are now focusing on smartphone apps that transmit users' private information across the internet.
The data that pours onto communication networks from the new generation of iPhone and Android apps include phone model, screen size and even personal details such as age, gender and location.
The documents state that the apps can even share information such as sexual orientation. An app recorded in the spy documents even sends information on specific sexual preferences such as whether or not the user may be a swinger, reads the Guardian report.
Whistleblower Edward Snowden had shared with the Guardian dozens of classified documents which details efforts by NSA and GCHQ to use this commercial data collection for their own purposes.
Besides the existing mass surveillance tools at their disposal– such as cable taps, or international mobile networks –scooping up information from apps allows the agencies to collect large quantities of mobile phone data.
The intelligence agencies view exploitation of phone information as high-priority because terrorists and other intelligence targets make substantial use of phones in planning and carrying out activities.
Phones for example are used as triggering devices in zones of conflict. The NSA has cumulatively spent more than $1bn in its phone targeting efforts.
The classified documents show how turning their attention towards smartphone for data collection could benefit spy agencies.
A top-secret NSA presentation slide on getting data from smartphones from May 2010 describes how a ‘perfect scenario’ is reached when an intelligence target uploads a photo from their phone in a social media. The US spies from that action can obtain a "possible image", email selector, phone, buddy lists, and "a host of other social working data as well as location".
Data such as location is briefly available for collection as it travels across the networks even though most major social media sites, such as Facebook and Twitter, strips photos of identifying location metadata (known as EXIF data) before publishing them.
The agencies would be able to collect almost every key detail of a user's life depending on what is provided into a profile, says the secret documents.
This includes home country, current location (through geolocation), age, gender, zip code, marital status – options included "single", "married", "divorced", "swinger" and more – income, ethnicity, sexual orientation, education level, and number of children.
Spy agencies also use Google map queries to collect large volumes of location information. This is done to such an extent that a 2008 document noted that "t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."
Another basic effort by GCHQ and the NSA was to collect locations just by taking tower ID from a handset for which a database was developed for geolocating every mobile phone mast in the world.
The developers of apps or the company that delivers its adverts decide how much data the apps can collect.
President Barack Obama in a recent speech stated that NSA procedures maybe subject to reform. But he was focusing on the agencies collection of the metadata from US phone calls and made no mention in his address of the large amounts of data the agency collects from smartphone apps, which falls under the same laws and minimisation procedures as all other NSA activities.
The latest findings will add more concern to smartphone users outside US who enjoy fewer privacy protections.
The classified documents do not say how much of the information that can be taken from apps is routinely collected, stored or searched, nor how many users may be affected.
The NSA says its capabilities are pitted against "valid foreign intelligence targets" and does not against US citizens.
It said the NSA tries to remove irrelevant data, to include that of innocent foreign citizens, as early as possible in the process.
Classified documents include an internal guide for GCHQ staff which details what can be collected from different apps.
Using Android apps for most of its examples GCHQ writes - anything stored in an Android or an iPhone can be collected through apps.
Using perhaps the most popular mobile phone game of all time, Angry Birds –reportedly downloaded more than 1.7bn times –the GCHQ documents lists the information that can be collected.
Rovio, the maker of Angry Birds, said it had no knowledge of any NSA or GCHQ programmes looking to extract data from its apps users.
"Rovio doesn't have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks," said Saara Bergström, Rovio's VP of marketing and communications. "Nor do we have any involvement with the organizations you mentioned [NSA and GCHQ]."
Some apps choose to transmit much more data than others meaning the agency could potentially net far more.
Another GCHQ slide details weak spots in where data flows from mobile phone network providers to the wider internet, where the agency attempts to intercept communications.
These are locations either within a particular network, or international roaming exchanges (known as GRXs), where data from travellers roaming outside their home country is routed.
These are particularly useful to the agency as data is often only weakly encrypted on such networks, and includes extra information such as handset ID or mobile number – much stronger target identifiers than usual IP addresses or similar information left behind when PCs and laptops browse the internet.
"The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency," said a spokeswoman in a statement.
“We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets.
"Continuous and selective publication of specific techniques and tools lawfully used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies – and places at risk those we are sworn to protect."
The NSA declined to respond to a series of queries on how routinely capabilities against apps were deployed, or on the specific minimisation procedures used to prevent US citizens' information being stored through such measures.
GCHQ declined to comment on any of its specific programmes, but stressed all of its activities were proportional and complied with UK law.
"It is a longstanding policy that we do not comment on intelligence matters," said a spokesman.
"Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework that ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position."
source: Spies exploit apps for user data -
bdnews24.com
