Meet the 'Spy Smurfs': Here's how the NSA, GCHQ target iPhones, Android devices

Summary: According to the latest Snowden leaks, Britain's GCHQ can remotely control iPhones and Android devices using "targeted" tools. Meanwhile, the NSA can tap "leaky" apps to determine a person's age and location, and in some cases even their sexual orientation and political views.

(Image: NSA/Guardian; New York Times)

British and American spy agencies are able to gather vast amounts of personally identifiable information, including age, location, and even sexual orientation and political persuasions, according to the latest documents leaked by former U.S. government contractor Edward Snowden.

The Guardian, The New York Times, and ProPublica, working together, each published claims that iPhone and Android apps "leak" data, which is then piggybacked on by Britain's GCHQ and the U.S. National Security Agency.

The agencies do not need to tap into a user's smartphone directly: other mass surveillance efforts, such as cable taps, provide the intelligence agencies with the bulk of this data.

That's not to say that Britain's GCHQ didn't have targeted tools to use against individual smartphones, such as iPhones, Android devices, and other platforms, if needed.

Named after the children's television cartoon characters "The Smurfs," these tools allow the British spy agency to target individual smartphones. For example, "Tracker Smurf" allowed high-precision geolocation, and "Nosey Smurf" gave analysts access to a device's microphone. Meanwhile, "Dreamy Smurf" allowed analysts to stealthily activate a device that is apparently switched off.

The Guardian, reporting from New York, said the NSA has already spent $1 billion on this phone targeting effort. The reasoning behind this is said to be that terrorists and other intelligence targets are increasingly using mobile devices.

One slide, titled "Golden Nugget!" describes how a photo uploaded to a social network, such as Facebook, Flickr, LinkedIn, and Twitter from a mobile device would yield a vast amount of data and metadata, known as EXIF (Exchangeable Image File Format).
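
As an added example (not from the article or the leaked documents), the sketch below shows where EXIF metadata sits inside a JPEG, as an APP1 segment, and how a user-side check can detect a GPS pointer and drop the segment before a photo is uploaded. The sample bytes are constructed, the function names are hypothetical, and only the first image directory (IFD0) is read.

```python
import struct
GPS_IFD_TAG = 0x8825  # IFD0 tag that points at the GPS sub-directory

def segments(jpeg: bytes):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:          # SOS: compressed image data follows
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated or malformed segment")
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def is_exif(jpeg: bytes, marker: int, start: int) -> bool:
    return marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\x00\x00"

def ifd0_tags(jpeg: bytes) -> set:
    """Return the tag ids in IFD0 of the first Exif APP1 segment (empty set if none)."""
    for marker, start, end in segments(jpeg):
        if is_exif(jpeg, marker, start):
            tiff = jpeg[start + 10:end]               # TIFF header follows "Exif\0\0"
            order = "<" if tiff[:2] == b"II" else ">"  # II = little-endian, MM = big-endian
            (ifd,) = struct.unpack(order + "I", tiff[4:8])
            (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
            return {struct.unpack(order + "H", tiff[ifd + 2 + 12 * i:ifd + 4 + 12 * i])[0]
                    for i in range(count)}
    return set()

def strip_exif(jpeg: bytes) -> bytes:
    """Copy the file, dropping every Exif APP1 segment; pixel data is untouched."""
    out, last = bytearray(), 0
    for marker, start, end in segments(jpeg):
        if is_exif(jpeg, marker, start):
            out += jpeg[last:start]
            last = end
    return bytes(out + jpeg[last:])

def _seg(marker: int, payload: bytes) -> bytes:
    return struct.pack(">BBH", 0xFF, marker, len(payload) + 2) + payload

# Constructed sample (not a real photo): SOI, JFIF, Exif with a GPS pointer, SOS, EOI.
_TIFF = b"MM\x00\x2a\x00\x00\x00\x08" + struct.pack(">HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0) + b"\x00\x00"
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00" + _TIFF) + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9")
```
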

One report said smartphone-based queries on Google Maps could be intercepted, to such an extent that one 2008 document said that effectively anyone using the service "is working in support of a GCHQ system."

This is not unique to Google's mobile mapping system: the information gathered by apps is designed to be used by an app's advertisers to deliver relevant targeted content.

Whether or not this kind of personal data is collected by the NSA or GCHQ remains unclear, as the documents do not state. However, the reports suggest this kind of information would be considered "content," rather than metadata.

Above all else, while the intelligence agencies' approach may be invasive for some, the documents do set out exactly how much data can be collected from popular apps, in some cases apps that smartphone users have downloaded millions, or even billions, of times, such as the Rovio app "Angry Birds."

Rovio said it had no previous knowledge of this data collection by intelligence agencies, nor does it work with the British or American spy agencies, The Guardian's report said. 

Meanwhile, The New York Times reported that, for advertisers working with app makers, such as the named Baltimore, MD-based company Millennial Media, profiles include "optional" data beyond the standard information, including ethnicity, marital status, and sexual orientation.

The latest leaks offer yet another insight into how multiple NSA and GCHQ programs are being used in other intelligence operations, based on other leaks offered by Snowden.

It was reported late in 2013 that the NSA spied on the activities of suspected terrorists in efforts to build up profiles of their personal states, in order to later "discredit" them. The leaks identified a number of Muslim targets said to be vulnerable to accusations of "online promiscuity," according to BBC News.

This information could be used to "call into question a radicaliser's devotion to the jihadist cause, leading to the degradation or loss of his authority," the leaks suggested. 

  • I feel good!

    taxpayers' money is not wasted in vain!
    only M$ seems not to cooperate for the greater good, but even the bad guys won't use their proprietary crap.
    LlNUX Geek
  • I'm curious - If I created my own PowerPoint presentation

    and added bullet points related to

    - number of mind control implants currently in use
    - storage guidelines for information retrieved from person's brain
    - etc

    and said it's from the stolen NSA files, would that mean it's true?

    I'm really just curious at this point...
    • @anonymous

      really curious or just talking stupid? I vote the latter
      • I see. So you're one of those people that think if it's on the internet

        it must be true?

        If all I'm doing is just talking stupid, I guess that makes you a complete imbecile, since you blindly accept all that you read no questions asked.

        I'm asking how do we know if any of this is factual or not?

        We're at that point where we see a PowerPoint slide, and say it's from an organization that will never confirm/deny that it's from them, and we hail it as Gospel?
        • You really are stupid

          The PowerPoint slide was not found on the Internet, it was leaked by Snowden and the NSA confirmed it is true when they asked the Chinese to extradite Snowden.

          Think before you type moron.
          • Snowden?

            and you believe everything he says? I was taught never to believe thieves and lowlifes ...
          • snowden

            so, you think taking evidence of crimes against the Constitution that he swore to uphold is theft?

            Surely Police obtaining evidence relating to murders is also theft?

            Customs seizing stolen goods?

            Maybe look into the what and why of Snowden. He is a modern-day hero to the world.
          • Do you believe Snowden or the government?

            Mr. Snowden has not been caught in lies such as most governments. If someone were to list all the bald-faced lies and half-truths issued by government, it would make the longest post ever made to this site. I wonder if government is even capable of telling the truth anymore.
          • Snowden?

            But you would believe anything the government tells you ?? That is the largest collection of thieves and lowlifes on the entire planet.
          • Smarter than you since I ask the important questions

            and take nothing verbatim.

            And it's impossible that Snowden couldn't have access to a copy of PowerPoint.

            And because the NSA asked the Chinese to extradite Snowden for theft of government property, that's an indication that it's an actual NSA slide.

            So Snowden could make a slide that shows Burger King as a front for the Russian mafia, and the fact that the NSA wants him extradited proves that Burger King is indeed a front for the Russian mafia.

            I'll have to employ that logic more often, seems to make everything work as I want.
          • Good points

            But the gist of the article rings true. As a programmer it is how I would approach stealing data. Why try to break into a secure MS Exchange connection to get contact data when some chat app transmits the same data in plain text? Smart phones are terribly insecure at this point.
          • He/She/It will make a good slave

            ...Probably believes everything in the New York Times too...
          • This is well-known facts anyway, how can you dispute

            It is well known that the NSA has been piggy-backing on communications for a long time. It is well known that images taken from smartphones contain exif data. It is well known that many smartphone apps can and do transmit as much data as they possibly can back to their own servers.

            This article and latest news is all well-known information that just has been linked together.
        • Even the NSA doesn't claim these documents to be fabrications

          If these leaked documents were fabrications, don't you think that'd have been the *first* thing out of the NSA's mouth? Even they have not contested the legitimacy of any of these leaked documents.
    • Mind Reading and Thought and Behavior Control

      Mind Reading and Thought and Behavior Control. . . .

      "Mind Control Implants" fall into two categories:
      1. Remotely located microwave and sound sources onboard aircraft or satellites;
      2. Direct electrode implants into the brain.

      "Information Retrieved from [a] person's brain" falls into two categories also:
      1. Remote interception of "brain waves" in the form of electromagnetic energy using devices such as:
      a) "SQUIDS" (Superconducting Quantum Interference Devices) aboard aircraft and satellites; SQUIDS incorporate a "Josephson Junction" named after Brian Josephson, a British physicist who was awarded the Nobel Prize in physics some forty years ago;
      b) Infrared scanners aboard aircraft and satellites incorporating optical modulators such as a "reticle" which intercept heat from remote sources such as a person's brain.
      2. Electrodes attached to / implanted within a person's brain.

      Prior to researching "storage guidelines," it will be necessary to search and secure DoD, NSA, SRI (Stanford Research Institute), et al. documentation providing evidence that such mind reading / mind and behavior altering technology does exist. For starters, read "Mind Reading Computer," published in Time Magazine on July 1, 1974.

      Remember that President Obama previously declared that an impending object of study will be the human brain, no doubt using remote microwave directed energy, remote sound and ultrasound directed energy, and other directed energy weapons of mass destruction, as well as active and passive energy interception devices.

      Good luck!
  • Google worse than NSA

    The average person shouldn't care at all about this. After all, most people use Google and Facebook on a regular basis. They represent a much greater threat to our privacy than the NSA. At least the NSA isn't going to feature my photo in an ad, or show me ads. Put another way, the NSA and Google both violate our privacy - Google goes a step further and exploits our personal information. If this stuff really does bother you, then perhaps you should start using privacy-based sites like DuckDuckGo, Ravetree, HushMail, etc.
    • Even worse

      outing people with stupid google+ and youtube requirements.
    • Big difference

      You can opt out of using Google et al.
      Any idea of how to opt out of the NSA spying on me?
      • Opt Out

        Yes - mail a letter.
        • Not so

          Not so. They read your 1st class mail too.