The Guardian reported uncovering the spy operations while examining documents leaked to it by controversial whistleblower Edward Snowden. The campaigns reportedly used the applications as an entry point into smart devices, going on to gather vast amounts of information about their owner.
The agencies' spy campaigns are reportedly so advanced that they could discern the phone's model and screen size as well as personal details about its owner including their age, gender and location.
The scale of data gathering is unclear, but a leaked document from the NSA detailed a "golden nugget" scenario where its analysts could use mobile applications as a gateway to collect information from connected networks, downloaded documents, websites visited and friend lists.
Another leaked GCHQ document from 2010 indicated that the campaigns were collecting so much data, they were struggling to store it.
The document also showed that the GCHQ codenamed its mobile spy tools after characters from The Smurfs TV series. These included a "Nosey Smurf" tool that let GCHQ agents hijack control of the phone's microphone to record conversations, a "Tracker Smurf" tool that let the GCHQ remotely collect the phone's location data and "Paranoid Smurf" tool designed to hide the agency's activities from the user.
The Guardian reported that the NSA and GCHQ plan to continue developing and enhancing their mobile spying powers, though the details of how remain unknown. At the time of publishing the GCHQ had not responded to V3's request for comment on the leaked documents.
An NSA spokesman moved to downplay the significance of the campaign in an emailed statement to V3, promising that it only targeted a very specific set of people.
"The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency," read the statement.
"Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true. Moreover, NSA does not profile everyday Americans as it carries out its foreign intelligence mission. We collect only those communications that we are authorised by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets."
The spokesman added that the NSA also proactively works to delete any data it accidentally collects from an innocent phone user.
"In addition, NSA actively works to remove extraneous data, to include that of innocent foreign citizens, as early as possible in the process. Continuous and selective publication of specific techniques and tools lawfully used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies – and places at risk those we are sworn to protect."
But the revelation has led to a backlash within the app development community. CEO of Rovio Entertainment – the company that makes Angry Birds – Mikael Hed, said the company has never intentionally aided the NSA and is considering altering its software to help protect its customers.
"We do not collaborate, collude, or share data with spy agencies anywhere in the world. As the alleged surveillance might be happening through third-party advertising networks, the most important conversation to be had is how to ensure user privacy is protected while preventing the negative impact on the whole advertising industry and the countless mobile apps that rely on ad networks," he said.
"In order to protect our end users, we will, like all other companies using third-party advertising networks, have to re-evaluate working with these networks if they are being used for spying purposes."
The Guardian is one of a select few publications with direct access to the PRISM files, which were originally leaked in 2013. The documents led to several revelations about the NSA and GCHQ's spy operations. The NSA was revealed to be collecting and analysing as many as 200 million text messages a day earlier in January.
US president Barack Obama announced a series of sweeping reforms designed to more strictly control how the NSA can conduct its spy operations earlier in January.
The US government implemented the first of these on Monday, allowing technology companies disclose to the public non-critical information about their involvement in operations such as PRISM.
No comments:
Post a Comment