Cyber Incident Victim: Rovio
Date:
Jan 2014
Location:
United States of America
Summary
The official Angry Birds website was temporarily defaced by protesters displaying modified imagery referencing government surveillance, following reports alleging intelligence agencies exploited the app and similar platforms to collect user data through third-party advertising networks. The incident involved DNS tampering that intermittently redirected visitors to a spoofed page, while the developer denied providing user information to surveillance entities but acknowledged reviewing partnerships with ad networks potentially enabling such access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On January 29, 2014, the official Angry Birds website operated by Rovio Entertainment Oyj was temporarily compromised by hackers who defaced the site with protest imagery. Visitors attempting to access the domain during the incident intermittently encountered a modified version of the game's iconic bird and pig characters, altered to display the caption "Spying Birds" and featuring an NSA logo superimposed on the bird's forehead. The defacement stemmed from unauthorized tampering with the domain's DNS settings, which redirected some user requests to servers hosting the protest content. Due to variances in DNS caching configurations across global networks, the altered page remained visible only to a subset of users attempting to visit the site during the attack window. Rovio confirmed the website hijacking occurred but noted the intermittent nature of the disruption, with the company's official domain becoming temporarily inaccessible during containment efforts. The defacement coincided with media reports alleging intelligence agencies exploited mobile applications for surveillance.
The incident followed New York Times and ProPublica publications citing leaked NSA documents from Edward Snowden, which identified Angry Birds among applications allegedly targeted by U.S. and British intelligence agencies for user data collection. Rovio issued a public denial of knowingly providing user information to government surveillance programs but acknowledged third-party advertising networks integrated into their applications could potentially facilitate such data harvesting. Company representatives stated they were reassessing relationships with these advertising partners to address surveillance risks. The defacement itself did not involve compromise of Rovio's internal systems or game infrastructure, being limited to temporary DNS redirection affecting web domain accessibility. No user data breaches or malware distribution occurred during the website hijacking, which primarily served as a symbolic protest against alleged government surveillance practices exploiting mobile applications.