The Inquirer-Home

The NSA spoofs Facebook to snoop on users and infect PCs with malware

More shockers from Edward Snowden
Thu Mar 13 2014, 10:08

THE UNITED STATES National Security Agency (NSA) apparently mimics Facebook to infect users' PCs with malware.

The report cites NSA documents obtained by surveillance whistleblower Edward Snowden and furnished to former Guardian journalist Glenn Greenwald, and appears at The Intercept news website.

The report contains NSA slides that detail programmes to infect millions of computers worldwide and use malware to conduct mass internet surveillance and subvert internet security and privacy on a grand scale. According to the report, the UK spy agency GCHQ is also involved.

"In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target's computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer's microphone and take snapshots with its webcam," claimed the report.

"The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites."

This all happened under a programme called TURBINE, a system that has been around since at least 2009. TURBINE is part of a wider system, according to the NSA slides, and relates to plans to "own the net" by infecting millions of computers around the world.

The NSA infects computers with malware using man-in-the-middle or man-on-the-side attacks, The Intercept reported, and this is how it spies on Facebook users.

"In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target's computer into thinking they are being sent from the real Facebook," the report said.

"By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive."

QUANTUMHAND has been around since 2010. It and other methods acquire social networking account cookies and other 'selectors', and TURBINE picks those up as traffic passes through the internet.

Cookies and other selectors are lifted from the websites of Google, Facebook, Hotmail, Yahoo and Twitter, among many others.

The NSA confirmed that it gets up to some stuff, but explained that whatever it does, it does within the law.

"As the President affirmed on 17 January, signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes," it said.

"Moreover, Presidential Policy Directive 28 affirms that all persons - regardless of nationality - have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities. All of NSA's operations are strictly conducted under the rule of law." µ

