Posts

NSA Angry Birds Help the Government Spy on Your Intimate Details

NSA Angry Birds are Stalking You

So you’ve had a rough day at the office.  You plop down on your couch with a cold beverage nearby, ready to let the day go.  You have twenty minutes until your chicken pot pie dings, and the thought of chicken reminds you of, well… Angry Birds. Harmless fun. NOT!

While you may be enjoying a mindless game, somewhere far off in cyber land others are just beginning to work very hard.  WHO THEY ARE: advertising companies and intelligence agencies alike. WHAT THEY ARE DOING TO YOU: gathering all of the most personal data off of your mobile device: everything from your name, age, sex, location, and perhaps even your political alignment or sexual orientation—and lots more!

All of this is according to documents provided by the former National Security Agency contractor and whistleblower Edward Snowden to the New York Times.  Snowden asserts that the NSA and Britain’s Government Communications Headquarters have been able to gather information from so-called “leaky apps” that give out all sorts of unintended intelligence.

Through these leaks, intelligence agencies and advertising groups are able to collect and store location and planning data from your use of Google Maps, and to access your address books, buddy lists, and telephone logs through posts made from mobile devices to sites such as Facebook, Flickr, LinkedIn, and Twitter.

It turns out that Big Brother is actually an NSA Angry Bird. I don’t know whether to be more upset with the NSA for scraping this information from Apps, or with the Apps themselves for scraping this information without even telling us!

This top secret NSA document (one of many released by Snowden) shows some of the activities that can be searched.

It’s pretty much understood and accepted that apps (especially older ones) track locations and gather other data to pass on to mobile ad companies.  And we’ve known for some time that the NSA has been pursuing our mobile information, but these documents show us many more details of the “mobile surge” and the ambitious plans the agency has for using the information they gather from apps on smartphones.

Every time you use a smartphone, you need to remember you’re also really using a computer: a highly sophisticated, highly vulnerable computer. According to Philippe Langlois, who has studied the vulnerabilities of mobile phone networks and is the founder of the Paris-based company Priority One Security, “By having these devices in our pockets and using them more and more, you’re somehow becoming a sensor for the world intelligence community.” In other words, we are all spies for anyone who has access to our mobile phones, which includes pretty much every app we have.

So what’s the solution? None, as of right now. Until there is legislation governing what can be captured from our mobile phones, we are open game, so to speak. And that makes me angry.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Data Privacy Expert on the Irony of Dictionary.com’s Word of the Year

Dictionary.com has chosen its “word of the year”. Thank the etymological gods it’s not selfie, twerk or hashtag. No, this year’s most relevant, most searched word is:

Privacy.

Call me geeky, but this is happy news to privacy experts, because it raises consciousness that this stuff (your right to keep certain information to yourself) actually matters.

 And consciousness has definitely been raised in 2013:

  • Data security and privacy experts everywhere should thank Edward Snowden for exposing the NSA surveillance programs that monitor every American’s phone calls, Facebook posts and emails for signs of terrorism (and any other data they care to intercept).
  • Thanks to SnapChat for making deleted photos recoverable (despite claims they disappear).
  • Additional kudos to Google Glass for raising awareness on how easy it is to capture intellectual property as criminals videotape their way through Fortune 500 offices, record ATM PIN numbers of the bank customer in front of them and deploy instant facial recognition software in a variety of social engineering schemes.
  • And in the Coup de Grace of 2013, bonus points to Target for playing the Grinch in a massive holiday breach that exposed 40 million of their customers’ records (customers who actually shopped at Target, not online).

Here’s the ironical twist to the word of the year: Dictionary.com violates your privacy at a standard higher than most other websites. You thought you were just looking up a word, right? Wrong – you are creating a traceable behavioral profile that can be sold to marketing firms worldwide. For example, when you type a word into Dictionary.com, your “surfing profile” is immediately sold to 234 additional websites before you’ve even read the full definition. So when your daughter looks up “bankruptcy” while doing a term paper for high school, Chase Bank buys that information, scores you as a high risk candidate for financial default and, the next time you apply for a credit card, redirects you to a web page offering you a considerably higher annual APR. Brilliant, no? See more examples in my post Big Brother Lives in Your Browser.

I don’t want to look a gift horse in the mouth, however (well, maybe a little). Thank you to Dictionary.com for reinforcing the relevance of data privacy issues that quietly affect every one of us every day. Now, if privacy experts could just get Dictionary.com to include a definition of data privacy that accounts for the idea of consent (that we get a choice of what to share and who to share it with), that would be real progress. In other words, data privacy is a matter of degree, not all or nothing.

John Sileo is an author and keynote speaker on privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to defend the data that drives their profitability. His recent engagements include presentations at the Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Does the NSA or Google Spy More on You? [Burning Questions Ep. 4]

Today’s Burning Question for online privacy expert John Sileo:

“Who is the bigger spy, the NSA or Google?”

I thought that was a really fascinating question. Of course, it comes because in the last couple of months the NSA has been outed by Edward Snowden, the former NSA employee. The NSA (National Security Agency) has been spying on our phone calls (who we’re calling and when), our emails (who we’re emailing and what about), and even our social media posts.

The latest scandal is called “Muscular”.  Somehow, the NSA has gotten between the transmissions of Google and Yahoo.  In other words, the NSA has been “sniffing” the emails going back and forth between the two largest email providers in the US and this has angered the tech giants like Google, Yahoo, and Facebook.

Recently there was an article in the New York Times about the tech companies wanting to defend their privacy.  In particular, Eric Schmidt, the chairman of Google, has gone on the record to the Wall Street Journal talking about how we need to do a better job defending our privacy.  (Watch the video embedded in our BQ video.)

Let’s take a look at a few of Schmidt’s comments.  First, he said, “You have to take a strong position in favor of privacy.  Do you really want the government tracking all of your information?”  I find it very ironic that this man whose company tracks all of our information is asking this question!  You could substitute Google’s company name for government:  “Do you really want Google tracking all of your information?”  Here he is calling for privacy on one hand and violating it on the other.

The second statement that is fascinating is, “Let’s start with appropriate oversight and transparency.  You don’t have to violate the privacy of every single citizen in America in order to find them.”  You might also say you don’t have to violate the privacy of every single citizen or track the privacy of every single user of Google in order to market to them.  It takes a lot of gumption for somebody who is so focused on collecting our private data to say that the NSA is collecting too much information!

So, the question again is, “Who is the bigger spy, the NSA or Google?”  Well, of course, the NSA is much larger and is collecting more information, but mostly thanks to companies like Google.

John Sileo is a keynote speaker and online privacy expert, as well as the CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. Recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.


HoGo Document Protection: 10 Questions w/ Digital Privacy Expert John Sileo

By Mike Spinney, HoGo (Document Protection Simplified)

John Sileo is a kindred spirit when it comes to fighting the good fight against data breach and identity theft. I met John about seven years ago when we were both part of a joint project to raise awareness over the issue of physical document protection and we’ve been friends ever since. I admire what John does to help make people more aware of their personal risk and take steps to prevent identity theft. A two-time victim of identity theft, John has refused to wallow in his victimization and instead has become a privacy expert in his own right and taken his powerful, personal message to audiences around the world, raising identity theft prevention awareness as one of the issue’s premier speakers.

In addition to keynote speaking and his video series, Burning Questions, John is a frequent media source for stories about privacy and identity theft. He was in my area last month to give a series of keynote presentations for the University of Massachusetts’ privacy awareness program, so I took the opportunity to meet with John and ask him ten questions about his work and the issue of data privacy and information protection.

HoGo: Your personal ID theft story is not uncommon. Is there anything that might have caused you to take better care of your personal information prior to your first experience?

Privacy Expert: NSA Intercepting Your Address Books, Buddy Lists

What makes a privacy expert nervous? Glimpsing the size of the iceberg under the surface. When National Security Agency contractor Edward Snowden became a whistleblower earlier this year, I think we all knew we were really just seeing the tip of the iceberg about exactly how much information the NSA was gathering on the average American citizen. And it was a pretty large tip to start with.

Here’s a reminder of what started the whole thing.  Snowden provided reporters at The Guardian and The Washington Post with top-secret documents detailing two NSA surveillance programs being carried out by the U.S. Government, all without the average voter’s knowledge. One gathers hundreds of millions of U.S. phone records and the second allows the government to access nine U.S. Internet companies to gather all domestic Internet usage (so they are tapping pieces of your phone calls and emails, in other words). The intent of each program respectively is to use meta-data (information about the numbers being called, length of call, etc., but not the conversation itself, as far as we know) to detect links to known terrorist targets abroad and to detect suspicious behavior (by monitoring emails, texts, social media posts, instant messaging, chat rooms, etc.) that begins overseas. As a privacy expert, I understand the need to detect connections among terrorists; the troubling part is the scope of the information being gathered.