In-depth

Angry Birds, Squeaky Dolphin, NoseySmurf: The NSA programs you never knew about

IT Pro takes you on a run down of some of the major NSA projects that may have passed you by over the last 12 months

The National Security Agency (NSA), set up to combat foreign and domestic intelligence threats to the US, has had its reputation turned upside down since whistleblower Edward Snowden began to leak details of its clandestine activities.

In the past year, Snowden's leaks have revealed more than 40 separate intelligence campaigns undertaken by the NSA or its UK allies at GCHQ.

Advertisement - Article continues below

Among the most infamous was the news the NSA had been infiltrating the data centres of US technology companies - including Facebook, Microsoft and Google - and snatching user data from the traffic.

Upstream and PRISM, the names of the surveillance operations that conducted those clandestine acts, caused outrage throughout the technology industry and the world. People began to wonder if their data was truly safe in the hands of the big companies and on the internet.

The ripples of that discovery can still be felt today, as companies attempt to side-step their involvement or relocate their services to assuage worried customers.

Yet those two operations were only part of myriad of projects the NSA and GCHQ have undertaken. The details of many more have been released by Snowden over the past year, some of which you might never even have heard of.

Angry Birds

Angry Birds in space

Nowhere is safe from the prying eyes of government agencies, it seems, not even much-loved mobile game Angry Birds.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

As soon as a player opened up the game and began their bird-slinging adventures, algorithms within the game's code relayed their age, sex and other information to intelligence agents.

This is according to documents leaked from GCHQ, which revealed how it and the NSA had been working on ways to tap into mobiles and collect data through apps. Not just Angry Birds fell foul of the surveillance program: Google Maps, Facebook, Twitter and LinkedIn were also targeted.

"It effectively means that anyone using a smartphone is working in support of a GCHQ system," a secret 2008 report by the British agency said.

NoseySmurf

Also known by the names "TrackerSmurf" and "DreamySmurf", the NoseySmurf project tied into the Angry Birds scheme by tapping into mobile phones to scrape data from users.

The NSA spent over $1 billion (580 million) in its search to find more efficient tracking and piggybacking methods for infiltrating targeted devices. In one top-secret presentation, the agency describes a victim uploading an image to Facebook from their phone as a "Golden Nugget!!"

Advertisement - Article continues below

From the simple act of someone uploading a picture to a social media site, later slides say, agents could glean a victim's contacts, location, gender, age, income, ethnicity, education level and even number of children.

HappyFoot

HappyFoot was the codename for an operation designed to track internet users' movements by piggybacking onto their cookies and location data.

When a consumer visits a site cookies are enabled on their computer, allowing the site's company to tailor advertisements to them, something government snoops were keen to exploit.

Slides released by Snowden and published by the Washington Post revealed the NSA had been latching onto these cookies in order to identify possible targets for further hacking operations.

Using a unique cookie from Google called PREF, intelligence agents could pick out one person from a sea of internet data in order to focus on them specifically. The NSA slides indicated that Google complied with this action entirely after being compelled to by the US government.

Squeaky Dolphin

There's a prize for anyone who can understand the reasoning behind this codename. Squeaky Dolphin was an initiative thought up by the UK's GCHQ. It involved tapping into the cables carrying the world's web traffic in order to monitor what people are up to on social media.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Documents leaked to NBC news by Snowden revealed how British spies showed off their new invention to their US counterparts. GCHQ demonstrated how it could monitor YouTube in real time and collect addresses from the billions of videos watched every day.

Analysts demonstrated how, through a central information hub, they could determine which videos were popular in which cities and at what times, as well as what each demographic preferred to click on.

The UK spooks did mention to their allies that this program was for general trends only and not for spying on individuals, but there are as yet unconfirmed rumours GCHQ used the tech to target Twitter users with propaganda.

Gilgamesh

Unfortunately, this operation has nothing to do with the fifth king of Uruk Mesopotamia.

According both to documents released by Snowden and the testimony of a former drone operator, the NSA used telecommunications devices as targets for drone strikes.

Advertisement - Article continues below

Rather than confirming with operatives on the ground, said the whistleblower, the NSA would identify a target based on the geolocation of their phone and order an assassination.

The drone operator was adamant the technology was aiding the War on Terror but that civilians were "absolutely" being killed en masse by the strikes.

Terrorists cottoned on to the NSA's idea, though, and began to mix up their SIM cards to avoid being tracked. Commanders would switch them with footsoldiers and footsoldiers with civilians.

The NSA often located targets based on their activity levels and not on the content of the calls, resulting in, according to the former pilot "death by unreliable data."

EgotisticalGoat

EgotisticalGoat and its sister program, EgotisticalGiraffe, were designed to help facilitate attacks on people using the anonymous network Tor.

Techniques included targeting web browsers like Firefox and giving the NSA full control over a target's computer keystrokes, online activity and files.

Advertisement - Article continues below

The Tor network is relied upon by journalists, activists and campaigners around the world to maintain the secrecy of their communications and avoid reprisals from their respective governments.

The network, oddly enough, is provided with 60 per cent of its funding by the US government.

Agents operating EgotisticalGoat admitted the Tor network was too large for them to completely crack. In one top-secret presentation named "Tor Stinks" it stated "We will never be able to de-anonymize all Tor users all the time ... with manual analysis we can de-anonymize only  a very small fraction of Tor users."

With more information to come from Snowden, who claims his leaks to date are just the tip of the iceberg, do we have more cause for concern over our data than ever before? Are all of these operations a gross misconduct or a necessary evil? Let us know what you think by emailing us at comments@itpro.co.uk.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020

Most Popular

Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020