Hackers briefly vandalized the website of popular mobile game Angry Birds after revelations that its users’ data has been leaked to the NSA. But the app’s Finnish maker has hit out at accusations that it is helping spy agencies.
On Wednesday night, the front page of the website of the game – which has been downloaded a record 1.7 billion times by portable device users – was replaced by a spoof by an anonymous hacker. A cached version of the website was sent to hacking collective Syrian Electronic Army, and displayed the inscription Spying Birds, with the center of the screen occupied by a trademark irate red avis with an NSA logo on its forehead.
— SyrianElectronicArmy (@Official_SEA16) January 28, 2014
Rovio, the game’s developer, confirmed that the hack, which
reportedly lasted for at least an hour and a half, had taken
“Unfortunately, last night the Angry Birds website was momentarily defaced, but the situation has been dealt with by our IT security. The end user data was in no risk at any point," the company said in a statement.
Earlier this week, a fresh batch of documents sourced from whistleblower Edward Snowden and published in the Guardian and the New York Times showed that US and UK intelligence agencies use mobile apps – often innocent programs installed by smartphone users to play games, find directions or meet dates – to track users. Among the data that can be obtained is the user’s name, location, email address, phone number and any other information the app asks, including ethnicity and relationship status. As well as data users willingly submit, the agencies are reportedly also able to collect data that is automatically exchanged between the smartphone and the app server.
Among the documents was a 20-page case study that homed in on Angry Birds, and showed how to extract sensitive data from a game that is ostensibly about throwing birds to destroy pigs hiding in castles.
It appears the private information was not intercepted from Angry Birds itself, but the online ad agencies that it partners with. Since many smartphone applications are free to device owners despite costing millions to develop and maintain, their makers earn revenue by allowing third-party ad agencies to collect the users’ data and bombard them with specially-targeted adverts.
In the wake of the revelations, Rovio has denied any responsibility, and promised to “re-evaluate” its relationship with outside advertisers.
“We do not collaborate, collude, or share data with spy agencies anywhere in the world,” Rovio CEO Mikael Hed said in a statement on the company’s website.
“As the alleged surveillance might be happening through third party advertising networks, the most important conversation to be had is how to ensure user privacy is protected while preventing the negative impact on the whole advertising industry and the countless mobile apps that rely on ad networks.”
Yet Rovio believes that it was merely used as an illustration by the NSA, and even if it halted all contact with advertisers, app users would not be any safer.
“If advertising networks are indeed targeted, it would appear that no internet-enabled device that visits ad-enabled web sites or uses ad-enabled applications is immune to such surveillance,” Rovio said.
Since the latest trove of classified documents became public, NSA and its UK sister agency GCHQ have insisted that they do not spy on or collect data from ordinary app users.
"The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency," said a statement from the American agency.
"Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true.”
At the same time, neither agency has denied the existence of interception techniques outlined in the leaks.