NSA and GCHQ Target "Leaky" Phone Apps To Scoop User Data

schwit1 writes "New leaked NSA documents shed a new light on the agency's assault on the data controls of smartphone apps. Using app data permissions as a jumping off point, the documents show agency staffers building huge quantities of data, including 'intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.' One slide lists capabilities for 'hot mic' recording, high precision geotracking, and file retrieval which would reach any content stored locally on the phone, including text messages, emails and calendar entries. As the slide notes in a parenthetical aside, 'if it's on the phone, we can get it.'"

Can you hear me now?

[RotateLeftByte]

Why are you listening?
Do you understand me now?
Why are you still listening?
Do you think I have something to hide?
Remember, I'm on your side
So bugger off like a good man
and snoop on the Taleban

Smurftastic!

[GPLDAN]

The NSA has all the actual slides from the internal presentation:
http://www.theguardian.com/wor...

From what I gather, TRACKER SMURF module of the WARRIOR PRIDE rootkit for both IOS and Android sort of grabs pin positions of places you search for in Google Maps as well as where you actually ARE. What's interesting is the seeming fascination with sexual orientation and clubs. I guess if there is dirt to be had on an operative or a politician, it might be if they are secretly a wild and crazy guy, or perhaps visiting a mistress in South America instead of being lost on the Appalachian trail.

I know it's fashionable to be angry and all that, but the more of these slides they release, the more you understand how good these guys are at spycraft. It's a solid rootkit base with modules for various device driver interaction, it's pulling back info to be sorted in databases specifically at dossier building on targets, etc etc. It's a well organized program of information gathering, actually.

Re:Smurftastic!

[MightyMartian]

And a police officer has the technical capacity to walk into my house and shoot me dead. That I can appreciate his likely skill with a service revolver doesn't mean he gets to shoot me dead at a whim.

The same applies to the NSA. That it has some bright brains who have some impressive technical capabilities does not mean that they should be permitted to wantonly do it without proper civilian oversight, including the requirement that no US citizen's data be collected without an explicit and accurate warrant.

In other words; capacity is only part of the equation.

Ever wonder why US unscrambled GPS Signals.

[gurps_npc]

I, May of 2000, President Clinton unscrambled GPS for civilian usage.

I always wondered why he did this. To create the GPS industry? I don't think so. Instead I think it was with the full knowledge that in a short time, the NSA could track people using it.

Re:Ever wonder why US unscrambled GPS Signals.

[nctritech]

This is why the FIRMWARE of phone radio CPUs needs to be fully open-sourced. Until they are, there is no way to audit them for privacy concerns nor modify them to close such loopholes.

Re:So what.

[bob_super]

Yes, but it's only in the last couple decades that they've been able to regroup all the data from all the forms of communication attached to every single user.
The scale of the task used to keep people focused on potential targets. Now it's about having everything on everyone, because nobody ever got fired for having too much data when shit happens.

Re:So what.

[fuzzyfuzzyfungus]

"The question is regarding the set of controls over how and when this is done."

Yes, about those... The secret ones, that you'd need access to secret information to verify compliance with, based on a classified interpretation of a massive hodgepodge of assorted laws, executive orders, and precedents, as interpreted by a secret court that doesn't release opinions and hears only testimony from the state agents requesting authorization? Those ones... Forgive me if I'm... less than 100% reassured.

Internal regulation and discipline can't even keep the officers of Hickville PD from periodic abuses that end up drawing big civil suits, and those guys are both nearly powerless and highly vulnerable to 3rd party scrutiny. Why would anyone expect 'controls' on an agency that can just stamp 'Double Top Secret' on anything embarassing and bury it forever to be more than a joke for the break room?

And the collusion continues....

[Anachragnome]

From the following linked article:
"During a recent interview session I had with Mikko Hypponen, the chief research officer for digital security company F-Secure Corp, he shared that he was friends with the men behind Rovio, the creators behind another massive success story--Angry Birds."

http://www.thestar.com.my/stor...

A couple of years ago I tried, in earnest, to inform Mikko Hypponen of evidence I had acquired (first-hand) that proved that Sony Entertainment was gathering data from computers that had Sony software installed, after being referred to him by Mark Russinovich (of Microsoft/Sysinternals fame). I was stone-walled completely, even after providing crash-dumps that held all the evidence he needed to go public-- now, I know why.

mod up. They used to target key suspects.

[raymorris]

Indeed, that's the difference. When they had to show up with a warrant for a specific individual and have agents sit and listen, they did that for high value suspects. Now it's all of us, all the time, who are the targets.

You read /. so you already knew this right?

[Trax3001BBS]

The file "Computer_Forensics_for_Prosecutors_(2013)_Part_1".pdf has this gem in it.

"Users of mobile devices and cloud storage sign off on their rights to data scanning, There is no opt-out option."

This file showed up when a question of True Crypt being back doored came up, as out of the blue it mentions it is; if not set up correctly I would tend to agree.

Page 16 http://www.techarp.com/article...
article lies about Phil ZImermann but the only place I could find the file.