Your Source for Leaks Around the World!

“Golden Nugget! The Mobile Surge”: NSA/GCHQ Target Smartphone Apps to Collect Personal Data/Location Info

In Archive, GCHQ, NSA, NSA Files, Surveillance on January 27, 2014 at 2:52 PM
nsa-fairy

Cartoon of a fairy accompanies “top secret” NSA document about smartphones. Drawing seems to suggest that phones, and data they transmit, are a magical intelligence gift to the agency

01/27/2014

Guardian/NYTimes/ProPublica:

The National Security Agency and its UK counterpart GCHQ have been developing capabilities to take advantage of “leaky” smartphone apps, such as the wildly popular Angry Birds game, that transmit users’ private information across the internet, according to top secret documents. The efforts were part of an initiative called “the mobile surge,” according to a 2011 British document, an analogy to the troop surges in Iraq and Afghanistan.

The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps, the documents state, can share users’ most sensitive information such as sexual orientation – and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger.

The N.S.A. and Britain’s Government Communications Headquarters were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services.

As the program accelerated, the N.S.A. nearly quadrupled its budget in a single year, to $767 million in 2007 from $204 million, according to a top-secret Canadian analysis written around the same time.

Two top-secret flow charts produced by the British agency in 2012 show incoming streams of information skimmed from smartphone traffic by the Americans and the British. The streams are divided into “traditional telephony” — metadata — and others marked “social apps,” “geo apps,” “http linking,” webmail, MMS and traffic associated with mobile ads, among others. (MMS refers to the mobile system for sending pictures and other multimedia, and http is the protocol for linking to websites.)

In charts showing how information flows from smartphones into the agency’s computers, analysts included questions to be answered by the data, including “Where was my target when they did this?” and “Where is my target going?”

nsa-golden-nugget

One slide from a May 2010 NSA presentation on getting data from smartphones – breathlessly titled “Golden Nugget!” – sets out the agency’s “perfect scenario”: “Target uploading photo to a social media site taken with a mobile device. What can we get?” The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a “possible image”, email selector, phone, buddy lists, and “a host of other social working data as well as location”.

Depending on what profile information a user had supplied, the documents suggested, the agency would be able to collect almost every key detail of a user’s life: including home country, current location (through geolocation), age, gender, zip code, martial status – options included “single”, “married”, “divorced”, “swinger” and more – income, ethnicity, sexual orientation, education level, and number of children.

One secret report shows that just by updating Android software, a user sent nearly 500 lines of data about the phone’s history and use onto the network.

nsa-angry-birds-code

Portion of computer code in Burstly’s Software Development Kit — used by Angry Birds. This software was studied by GCHQ for intelligence value

In another example, a secret 20-page British report dated 2012 includes the computer code needed for plucking the profiles generated when Android users play Angry Birds.

The agencies also made use of their mobile interception capabilities to collect location information in bulk, from Google and other mapping apps. One basic effort by GCHQ and the NSA was to build a database geolocating every mobile phone mast in the world – meaning that just by taking tower ID from a handset, location information could be gleaned.

A more sophisticated effort, though, relied on intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information. Intelligence agencies collect so much data from the app that “you’ll be able to clone Google’s database” of global searches for directions, according to a top-secret N.S.A. report from 2007.

So successful was this effort that one 2008 document noted that “[i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system.”

One GCHQ document from 2010 notes that cookie data – which generally qualifies as metadata – has become just as important to the spies. In fact, the agencies were sweeping it up in such high volumes that their were struggling to store it. “They are gathered in bulk, and are currently our single largest type of events,” the document stated.

In 2009, the American and British spy agencies each undertook a brute-force analysis of a tiny sliver of their cellphone databases. Crunching just one month of N.S.A. cellphone data, a secret report said, required 120 computers and turned up 8,615,650 “actors” — apparently callers of interest. A similar run using three months of British data came up with 24,760,289 actors.

Related Links:

NYTimes NSA/GCHQ Redaction Fail

Angry Birds Website Hacked Following Links to NSA SpyingRovio Confirms Hackers Defaced Angry Birds Website, No User Data Compromised

Dreamy, Nosey, Tracker & Paranoid: GCHQ’s Spying Smurfs Can Hide on Phones, Turn Them On, Eavesdrop & Locate

NSA Using Advertising Data for Surveillance: Cookies to Identify Hacking Targets, Mobile Apps to Track Locations

  1. […] Snowden leaks have disclosed that the CSE uses the highly sophisticated WARRIORPRIDE malware to target cellphones, and maintains a network of infected private computers — what’s called a botnet […]

    Like

  2. […] 2010 presentation, along with additional documents from GCHQ and NSA, showed that the intelligence agencies were aggressively ramping up their efforts to see into the […]

    Like

  3. Arkfalls are basically developed for the alien isolation serial key suffering
    of multiple software applications for PCs.

    Now you can use secret codes on all parts of the most in-game currency.
    Managing a Player-based EconomyAs previously discussed, a home.
    All are great imitators.

    Like

  4. […] Monday the New York Times published NSA and GCHQ documents on smartphone surveillance and failed to properly redact the slides, making it possible by highlighting, copying and pasting […]

    Like

  5. […] Related Link: “Golden Nugget! The Mobile Surge”: NSA/GCHQ Target Smartphone Apps to Collect Personal D… […]

    Like

  6. […] Related Link: “Golden Nugget! The Mobile Surge”: NSA/GCHQ Target Smartphone Apps to Collect Personal D… […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: