The NSA Is Using Facebook to Hack Into Your Computer

The spy agency is not above infecting networks with malware by posing as the social-media site, according to newly released Snowden files.

In this photo illustration the Social networking site Facebook is reflected in the eye of a man on March 25, 2009 in London, England. The British government has made proposals which would force Social networking websites such as Facebook to pass on details of users, friends and contacts to help fight terrorism.
National Journal
Dustin Volz
March 12, 2014, 7:08 a.m.

This just in from the Ed­ward Snowden vault of gov­ern­ment secrets: The Na­tion­al Se­cur­ity Agency is break­ing in­to “po­ten­tially mil­lions of com­puters world­wide” and in­fect­ing them with mal­ware “im­plants” as part of an ef­fort that is in­creas­ingly re­ly­ing on auto­mated sys­tems and not hu­man over­sight, ac­cord­ing to a First Look Me­dia re­port pub­lished Wed­nes­day.

And the NSA is pre­tend­ing to be Face­book to get the job done.

“In some cases the NSA has mas­quer­aded as a fake Face­book serv­er, us­ing the so­cial-me­dia site as a launch­ing pad to in­fect a tar­get’s com­puter and ex­filtrate files from a hard drive,” First Look re­por­ted on Glenn Gre­en­wald’s In­ter­cept chan­nel, cit­ing a clas­si­fied slide present­a­tion from 2009. “In oth­ers, it has sent out spam emails laced with the mal­ware, which can be tailored to cov­ertly re­cord au­dio from a com­puter’s mi­cro­phone and take snap­shots with its web­cam. The hack­ing sys­tems have also en­abled the NSA to launch cy­ber­at­tacks by cor­rupt­ing and dis­rupt­ing file down­loads or deny­ing ac­cess to web­sites.”

As part of the “in­dus­tri­al-scale ex­ploit­a­tion,” the agency is lever­aging Face­book’s glob­al ap­peal to trick tar­gets in­to log­ging in to a dop­pel­gang­er ver­sion of the site, a tech­nique dubbed “Quan­tum­hand.”

“If this re­port is ac­cur­ate, the NSA is act­ing like a spam­bot,” said Har­ley Gei­ger, seni­or coun­sel at the Cen­ter for Demo­cracy & Tech­no­logy. “The use of mal­ware im­plants should be tar­geted against spe­cif­ic threats in tightly con­trolled situ­ations, but this kind of mass auto­mated sur­veil­lance would put count­less In­ter­net users at risk.”

First Look‘s re­port de­tails how the NSA was able to trick tar­get com­puters by trans­mit­ting “ma­li­cious data pack­ets” that dis­guise it as the real Face­book, a pro­cess il­lus­trated in this top-secret an­im­a­tion:

{{ BIZOBJ (video: 4810) }}

Face­book denied any know­ledge of the NSA’s mal­ware in­fec­tion pro­gram, and said its site is now pro­tec­ted against such at­tacks. But the com­pany sug­ges­ted that, if the al­leg­a­tions are true, oth­er so­cial net­works could also have been com­prom­ised.

“We have no evid­ence of this al­leged activ­ity,” a Face­book spokes­man told Na­tion­al Journ­al. “In any case, this meth­od of net­work level dis­rup­tion does not work for traffic car­ried over HT­TPS, which Face­book fin­ished in­teg­rat­ing by de­fault last year.”

“If gov­ern­ment agen­cies in­deed have priv­ileged ac­cess to net­work ser­vice pro­viders, any site run­ning only HT­TP could con­ceiv­ably have its traffic mis­dir­ec­ted.”

In re­sponse to the story, the NSA in a state­ment said, “Sig­nals in­tel­li­gence shall be col­lec­ted ex­clus­ively where there is a for­eign in­tel­li­gence or coun­ter­in­tel­li­gence pur­pose.”

UP­DATE: The Na­tion­al Se­cur­ity Agency on Thursday denied us­ing a dop­pel­gang­er ver­sion of Face­book, say­ing it lacks the abil­ity to do so and only con­ducts for­eign in­tel­li­gence op­er­a­tions that are “law­ful and ap­pro­pri­ate.”

What We're Following See More »
STAFF PICKS
When It Comes to Mining Asteroids, Technology Is Only the First Problem
2 days ago
WHY WE CARE

Foreign Policy takes a look at the future of mining the estimated "100,000 near-Earth objects—including asteroids and comets—in the neighborhood of our planet. Some of these NEOs, as they’re called, are small. Others are substantial and potentially packed full of water and various important minerals, such as nickel, cobalt, and iron. One day, advocates believe, those objects will be tapped by variations on the equipment used in the coal mines of Kentucky or in the diamond mines of Africa. And for immense gain: According to industry experts, the contents of a single asteroid could be worth trillions of dollars." But the technology to get us there is only the first step. Experts say "a multinational body might emerge" to manage rights to NEOs, as well as a body of law, including an international court.

Source:
STAFF PICKS
Obama Reflects on His Economic Record
2 days ago
WHY WE CARE

Not to be outdone by Jeffrey Goldberg's recent piece in The Atlantic about President Obama's foreign policy, the New York Times Magazine checks in with a longread on the president's economic legacy. In it, Obama is cognizant that the economic reality--73 straight months of growth--isn't matched by public perceptions. Some of that, he says, is due to a constant drumbeat from the right that "that denies any progress." But he also accepts some blame himself. “I mean, the truth of the matter is that if we had been able to more effectively communicate all the steps we had taken to the swing voter,” he said, “then we might have maintained a majority in the House or the Senate.”

Source:
STAFF PICKS
Reagan Families, Allies Lash Out at Will Ferrell
2 days ago
WHY WE CARE

Ronald Reagan's children and political allies took to the media and Twitter this week to chide funnyman Will Ferrell for his plans to play a dementia-addled Reagan in his second term in a new comedy entitled Reagan. In an open letter, Reagan's daughter Patti Davis tells Ferrell, who's also a producer on the movie, “Perhaps for your comedy you would like to visit some dementia facilities. I have—I didn’t find anything comedic there, and my hope would be that if you’re a decent human being, you wouldn’t either.” Michael Reagan, the president's son, tweeted, "What an Outrag....Alzheimers is not joke...It kills..You should be ashamed all of you." And former Rep. Joe Walsh called it an example of "Hollywood taking a shot at conservatives again."

Source:
PEAK CONFIDENCE
Clinton No Longer Running Primary Ads
2 days ago
WHY WE CARE

In a sign that she’s ready to put a longer-than-ex­pec­ted primary battle be­hind her, former Sec­ret­ary of State Hil­lary Clin­ton (D) is no longer go­ing on the air in up­com­ing primary states. “Team Clin­ton hasn’t spent a single cent in … Cali­for­nia, In­di­ana, Ken­tucky, Ore­gon and West Vir­gin­ia, while” Sen. Bernie Sanders’ (I-VT) “cam­paign has spent a little more than $1 mil­lion in those same states.” Meanwhile, Sen. Jeff Merkley (D-OR), Sanders’ "lone back­er in the Sen­ate, said the can­did­ate should end his pres­id­en­tial cam­paign if he’s los­ing to Hil­lary Clin­ton after the primary sea­son con­cludes in June, break­ing sharply with the can­did­ate who is vow­ing to take his in­sur­gent bid to the party con­ven­tion in Phil­adelphia.”

Source:
CITIZENS UNITED PT. 2?
Movie Based on ‘Clinton Cash’ to Debut at Cannes
2 days ago
WHY WE CARE

The team behind the bestselling "Clinton Cash"—author Peter Schweizer and Breitbart's Stephen Bannon—is turning the book into a movie that will have its U.S. premiere just before the Democratic National Convention this summer. The film will get its global debut "next month in Cannes, France, during the Cannes Film Festival. (The movie is not a part of the festival, but will be shown at a screening arranged for distributors)." Bloomberg has a trailer up, pointing out that it's "less Ken Burns than Jerry Bruckheimer, featuring blood-drenched money, radical madrassas, and ominous footage of the Clintons."

Source:
×