The NSA Posed as Facebook to Better Spy on You
You’re probably already well aware that the National Security Agency is spying on you. A new report from The Intercept reveals yet another place they’re doing it.
The NSA pretended to be Facebook—you know, that 500-million person social network—so it could trick you into downloading invasive malware. Per the piece:
"In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive," Ryan Gallagher and Glenn Greenwald report. "In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam."
It’s a variation on a common scheme called phishing, in which an entity poses as an official site, gains your trust and then exploits it. (See this recent Netflix scheme for an example.) Usually, the perpetrators are small-time crooks, and not the U.S. government.
These particular tactics were apparently once only reserved for a small number of difficult targets who couldn’t be monitored via traditional wiretaps. But according to documents obtained by The Intercept, the NSA has recently expanded this technology so that these little malware mines around the internet, dubbed implants, can “scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”
In other words, the NSA designed a surveillance system that skirted actual human oversight so that they could spread malware to millions of computers. Malware that allows them to see everything you’ve saved on your computer. Not cool.
Even worse? This type of spying actually weakens computer security systems, immediately making any NSA target vulnerable to third-party attacks, a malware expert told The Intercept.
The NSA declined to answer specific questions about this project. “As the president made clear on 17 January,” the agency said in a statement, “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”
These revelations come just on the heels of the South by Southwest Interactive conference, which hosted a talk with Edward Snowden on Monday. The former NSA contractor and whistleblower urged technologists to begin designing products which focus on individual security.
Technologists, hurry up, please.
Read the rest of the unsettling report here.