The NSA Is Using Facebook to Hack Into Your Computer

The spy agency is not above infecting networks with malware by posing as the social-media site, according to newly released Snowden files.

In this photo illustration the Social networking site Facebook is reflected in the eye of a man on March 25, 2009 in London, England. The British government has made proposals which would force Social networking websites such as Facebook to pass on details of users, friends and contacts to help fight terrorism.
National Journal
Dustin Volz
March 12, 2014, 7:08 a.m.

This just in from the Edward Snowden vault of government secrets: The National Security Agency is breaking into “potentially millions of computers worldwide” and infecting them with malware “implants” as part of an effort that is increasingly relying on automated systems and not human oversight, according to a First Look Media report published Wednesday.

And the NSA is pretending to be Facebook to get the job done.

“In some cases the NSA has masqueraded as a fake Facebook server, using the social-media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive,” First Look reported on Glenn Greenwald’s Intercept channel, citing a classified slide presentation from 2009. “In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.”

As part of the “industrial-scale exploitation,” the agency is leveraging Facebook’s global appeal to trick targets into logging in to a doppelganger version of the site, a technique dubbed “Quantumhand.”

“If this report is accurate, the NSA is acting like a spambot,” said Harley Geiger, senior counsel at the Center for Democracy & Technology. “The use of malware implants should be targeted against specific threats in tightly controlled situations, but this kind of mass automated surveillance would put countless Internet users at risk.”

First Look’s report details how the NSA was able to trick target computers by transmitting “malicious data packets” that disguise it as the real Facebook, a process illustrated in this top-secret animation:

Facebook denied any knowledge of the NSA’s malware infection program, and said its site is now protected against such attacks. But the company suggested that, if the allegations are true, other social networks could also have been compromised.

“We have no evidence of this alleged activity,” a Facebook spokesman told National Journal. “In any case, this method of network level disruption does not work for traffic carried over HTTPS, which Facebook finished integrating by default last year.”

“If government agencies indeed have privileged access to network service providers, any site running only HTTP could conceivably have its traffic misdirected.”

In response to the story, the NSA in a statement said, “Signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose.”

UPDATE: The National Security Agency on Thursday denied using a doppelganger version of Facebook, saying it lacks the ability to do so and only conducts foreign intelligence operations that are “lawful and appropriate.”

