Hackers briefly vandalized the website of popular mobile game Angry Birds after revelations that its users’ data has been leaked to the NSA. But the app’s Finnish maker has hit out at accusations that it is helping spy agencies.
On Wednesday night, the front page of the website of the game – which has been downloaded a record 1.7 billion times by portable device users – was replaced by a spoof by an anonymous hacker. A cached version of the website was sent to hacking collective Syrian Electronic Army, and displayed the inscription Spying Birds, with the center of the screen occupied by a trademark irate red avis with an NSA logo on its forehead.
A friend hacked and defaced @Angrybirds website after reports confirms its spying on people | http://t.co/FrUZaYLumH
— SyrianElectronicArmy (@Official_SEA16) January 28, 2014
Rovio, the game’s developer, confirmed that the hack, which
reportedly lasted for at least an hour and a half, had taken
place.
“Unfortunately, last night the Angry Birds website was
momentarily defaced, but the situation has been dealt with by our
IT security. The end user data was in no risk at any point,"
the company said in a statement.
Earlier this week, a fresh batch of documents sourced from
whistleblower Edward Snowden and published in the Guardian and
the New York Times showed that US and UK intelligence agencies
use mobile apps – often innocent programs installed by smartphone
users to play games, find directions or meet dates – to track
users. Among the data that can be obtained is the user’s name,
location, email address, phone number and any other information
the app asks, including ethnicity and relationship status. As
well as data users willingly submit, the agencies are reportedly
also able to collect data that is automatically exchanged between
the smartphone and the app server.
Among the documents was a 20-page case study that homed in on
Angry Birds, and showed how to extract sensitive data from a game
that is ostensibly about throwing birds to destroy pigs hiding in
castles.
It appears the private information was not intercepted from Angry
Birds itself, but the online ad agencies that it partners with.
Since many smartphone applications are free to device owners
despite costing millions to develop and maintain, their makers
earn revenue by allowing third-party ad agencies to collect the
users’ data and bombard them with specially-targeted adverts.
In the wake of the revelations, Rovio has denied any
responsibility, and promised to “re-evaluate” its relationship
with outside advertisers.
“We do not collaborate, collude, or share data with spy
agencies anywhere in the world,” Rovio CEO Mikael Hed said
in a statement on the company’s website.
“As the alleged surveillance might be happening through third
party advertising networks, the most important conversation to be
had is how to ensure user privacy is protected while preventing
the negative impact on the whole advertising industry and the
countless mobile apps that rely on ad networks.”
Yet Rovio believes that it was merely used as an illustration by
the NSA, and even if it halted all contact with advertisers, app
users would not be any safer.
“If advertising networks are indeed targeted, it would appear
that no internet-enabled device that visits ad-enabled web sites
or uses ad-enabled applications is immune to such
surveillance,” Rovio said.
Since the latest trove of classified documents became public, NSA
and its UK sister agency GCHQ have insisted that they do not spy
on or collect data from ordinary app users.
"The communications of people who are not valid foreign
intelligence targets are not of interest to the National Security
Agency," said a statement from the American agency.
"Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true.”
At the same time, neither agency has denied the existence of interception techniques outlined in the leaks.