Slide presentation details how everything works

Jan 27, 2015 17:17 GMT
Agents highlight that personally identifiable info was not collected by Flurry

Traffic intercepted from mobile phones was sorted by spy agencies in Canada and the UK using software called BADASS (BEGAL Automated Deployment and Survey System).

The data gathered from the devices contained encrypted information from installed apps, but it also included data uploaded anonymously to servers belonging to advertising and analytics companies, which the agencies needed to separate in the traffic stream.

Info collected by ad and analytics firms is golden

These details are not encrypted, and ad companies use them for targeted advertisements. The same information can also lead to identifying an individual based on the unique phone identifier, the locations visited or the IP address, an aspect that GCHQ and Communications Security Establishment Canada (CSEC) were very much interested in.

The program used by the two intelligence organizations was leaked by the German newspaper Der Spiegel on January 17, from documents provided by NSA whistleblower Edward Snowden.

The presentation slides for the tool, which are four years old, demonstrate the case of analytics firm Flurry, now under the umbrella of Yahoo, which was able to compile data from Motorola Droid users to learn that the mobile manufacturer sold about 250,000 devices in the first week in the US.

The details collected by the company sometimes included the user’s gender, how long the application was open, and the unique identifier of the phone.

HTTPS would have been a killer for the program

By analyzing all the bits delivered to such companies, GCHQ and CSEC employees managed to distinguish format patterns for different types of info, allowing them to get access to the exact same details received by businesses providing data analysis services.

From this, they started to create a set of rules and filters that would identify the data and separate it from the rest of the traffic.

The ad platforms used as examples in the BADASS presentation included Flurry, Google’s AdMob, MSN Mobile Advertising, Mobclix, Mydas, and Medialets.

It is important to stress that all the information extracted was delivered unencrypted, via HTTP; if the secure protocol HTTPS had been used, GCHQ and CSEC would have had a tough time getting what they wanted, as the encryption scheme would have needed to be broken.

At the moment, not all advertising companies retrieve info from devices via an encrypted connection.

BADASS presentation (3 images): Agents highlight that personally identifiable info was not collected by Flurry; Identifying the mobile device based on data from Flurry; Device metadata collected by Flurry.