Angry anti-NSA hackers pwn Angry Birds site after GCHQ data slurp

Developers Rovio blame third-party ad networks for leak


Anti-NSA hackers defaced ‪Rovio's official Angry Birds website ‬on Tuesday night as a reprisal against revelations that GCHQ and the NSA were feasting on data leaked from the popular smartphone game.

Spying Birds: Angry Birds defaced by irritated hackers.

Angrybirds.com became "Spying Birds" as a result of the defacement (Zone-h mirror here). Rovio has confirmed the defacement, the International Business Times reports.

The ‪Angrybirds.com ‬website was back to normal by Wednesday morning. The defacement, which Zone-h has yet to confirm is genuine, must have been brief. Defacing a website is an act more akin to scrawling graffiti on a billboard put up by a company than breaking into its premises and ransacking its files.

It's unclear how the defacement was pulled off by a previously unknown hacker or defacement crew using the moniker “Anti-NSA hacker”.

"It’s not clear if Rovio’s web servers were compromised or if the hacker managed to hijack the firm’s DNS records and send visiting computers to a third party site carrying the image instead," writes security industry veteran Graham Cluley.

"Whatever the details of how the hack was perpetrated, it appears to have only been present for a few minutes and the company made its website unavailable for 90 minutes while it confirmed that its systems were now secured," he added.

Files leaked by NSA whistleblower Edward Snowden showed the NSA and GCHQ were slurping data from smartphone apps to harvest all manner of personal information from world+dog. This information includes users' locations, their political beliefs and even their sexual preferences. ‪

Angrybirds.com ‬was used as a "case study" in the leaked files, hence the hackers' focus on Rovio – even though a great number of smartphone apps from other developers are involved in the dragnet surveillance program.

Rovio issued a statement in the wake of the revelations stating that it "does not share data, collaborate or collude with any government spy agencies such as NSA or GCHQ anywhere in the world," stating that third-party ad networks may be to blame for the leak.

The alleged surveillance may be conducted through third party advertising networks used by millions of commercial web sites and mobile applications across all industries. If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance. Rovio does not allow any third party network to use or hand over personal end-user data from Rovio’s apps.

These arguments cut little ice with privacy activists who pointed out that whether the data leaked from Rovio or ad networks was immaterial: how the companies make their money and deliver their technology makes little difference in practice for users of their popular games because the end result is the same.

"The online advertising industry weakens Internet security, and has created pathways for hackers and gov agencies to exploit," said Christopher Soghoian, principal technologist of the speech, privacy & technology project at the American Civil Liberties Union, in an update to his personal Twitter account. ®

Similar topics

Narrower topics


Other stories you might like

  • US cyber chiefs: Moving to Shields Down isn't gonna happen
    Promises new alert notices but warn 'we can sometimes predict thunderstorms but not lightning strikes'

    RSA Conference A heightened state of defensive cyber security posture is the new normal, according to federal cyber security chiefs speaking at the RSA Conference on Tuesday. This requires greater transparency and threat intel sharing between the government and private sector, they added.

    "There'll never be a time when we don't defend ourselves –— especially in cyberspace," National Cyber Director Chris Inglis said, referencing an opinion piece that he and CISA director Jen Easterly published earlier this week that described CISA's Shields Up initiative as the new normal. 

    "Now, we all know that we can't sustain the highest level of alert for an extensive period of time, which is why we're thinking about, number one, what's that relationship that government needs to have with the private sector," Easterly said on the RSA Conference panel with Inglis and National Security Agency (NSA) cybersecurity director Rob Joyce.

    Continue reading
  • Beijing-backed baddies target unpatched networking kit to attack telcos
    NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points

    State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers.

    So say the United States National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), which took the unusual step of issuing a joint advisory that warns allied governments, critical infrastructure operators, and private industry organizations to hurry up and fix their IT estates.

    The advisory states that network devices are the target of this campaign and lists 16 flaws – some dating back to 2017 and none more recent than April 2021 – that the three agencies rate as the most frequently exploited.

    Continue reading
  • How ICE became a $2.8b domestic surveillance agency
    Your US tax dollars at work

    The US Immigration and Customs Enforcement (ICE) agency has spent about $2.8 billion over the past 14 years on a massive surveillance "dragnet" that uses big data and facial-recognition technology to secretly spy on most Americans, according to a report from Georgetown Law's Center on Privacy and Technology.

    The research took two years and included "hundreds" of Freedom of Information Act requests, along with reviews of ICE's contracting and procurement records. It details how ICE surveillance spending jumped from about $71 million annually in 2008 to about $388 million per year as of 2021. The network it has purchased with this $2.8 billion means that "ICE now operates as a domestic surveillance agency" and its methods cross "legal and ethical lines," the report concludes.

    ICE did not respond to The Register's request for comment.

    Continue reading

Biting the hand that feeds IT © 1998–2022