Angry Birds website attacked following NSA spying allegations

Graham cluley
Graham Cluley @
@[email protected]
@gcluley

Visitors to the official Angry Birds website, run by Finnish developers Rovio, saw an unexpected message overnight.

Spying Angry Birds

Rovio confirmed to the Finnish press that its website had been meddled with to display a message saying “Spying Birds” with one of their iconic Angry Birds bearing an NSA logo on its forehead.

However, at this stage it’s not clear if Rovio’s web servers were compromised or if the hacker managed to hijack the firm’s DNS records and send visiting computers to a third party site carrying the image instead.

Sign up to our free newsletter.
Security news, advice, and tips.

Whatever the details of how the hack was perpetrated, it appears to have only been present for a few minutes and the company made its website unavailable for 90 minutes while it confirmed that its systems were now secured.

According to a tweet by the Syrian Electronic Army, the attack was conducted by a hacker calling themselves “Anti-NSA hacker”.

Angry Birds What is clear, however, is that hackers were almost certainly motivated by news reports this week that the NSA and the UK’s GCHQ were exploiting Angry Birds and other smartphone apps to help them collect user data.

The revelations, detailed in documents leaked by NSA whistleblower Edward Snowden, explain that popular apps which are monetised through advertising networks stream personal information to target in-app ads more reliably, but can also leak personal information that can be snapped up by intelligence agencies.

Rovio has issued a statement to the press, denying it voluntarily shares any user information with surveillance agencies, and saying it will re-evaluate how it works with third party advertising networks.

As I’ve mentioned before, there certainly is a problem with some smartphone apps transferring sensitive information (such as GPS location, address books and phone numbers) in an insecure way.

Clearly more app developers need to work harder to ensure that any information which ekes out of their apps is properly encrypted and sent over a secure SSL connection.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham cluley
Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

You may also like...

One comment on “Angry Birds website attacked following NSA spying allegations”

  1. Michael Findlay
    January 29, 2014 at 12:29 pm

    Whilst I do not approve of the NSA spying, it is not the fault of the developers, it would be like anyone using Angry birds to siphon data from DNS poisning on access points and breaking and modifying dns servers of big ISP's. They should not be caught in the cross fire of this, it should all be aimed at the source via legitimate means.

    Reply

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.