Spies track mobile users with BADASS tracker (yes, that’s what they call it)

As Ars has previously reported, documents passed to journalists by former National Security Agency contractor Edward Snowden have shown that the NSA and its British counterpart agency, the GCHQ, have exploited privacy “leaks” in mobile applications (including Rovio’s Angry Birds) to track individuals of interest. A new document recently published by Der Spiegel provides further details on just how much the GCHQ was able to extract from mobile data to keep tabs on those it targeted for surveillance. The British agency used a program referred to as BADASS to suck up data emitted from Angry Birds and other apps, and the information was so granular, analysts could even track how well (or poorly) a person was doing playing.

BADASS is an acronym for “BEGAL Automated Deployment And Survey System,” and the system pulled in data from GCHQ and NSA network taps identified as mobile analytics and advertising traffic. Among other things, this data included Google “pref” cookies (such as those used by Ars to identify users in our own passive network surveillance testing with NPR) and Flurry application analytic data used by developers to track usage and performance of their mobile apps.

A slide shows just some of the information that can be pulled from unencrypted application analytics.

User location data and activity could also be monitored based on the data stream, allowing analysts to pinpoint an active user within minutes, according to the GCHQ presentation from 2011.

Read 1 remaining paragraphs | Comments


Ars Technica » Technology Lab