In another disclosure of gross violations by the US National Security Agency, it was revealed today that the agency set up a phony Facebook server and used it to infect unsuspecting users with malware.
The story comes via the top secret files former NSA contractor Edward Snowden stole and shared with The Intercept, the intelligence news website run by journalist Glenn Greenwald and others.
It shows that the NSA used “implants” to “siphon out data from foreign Internet and phone networks.”
One program the NSA used was codenamed TURBINE, an automated malware-implanting program that the agency said reduced the need for human oversight. This would not only ease the overall process of spying, but also set it to autopilot.
The NSA would use Facebook as a means to implant malware that would extract files from a targeted hard drive, and use spam emails to infect a computer with malware that could take photos with its webcam or turn on its microphone to covertly record audio. The agency also had the ability to corrupt files being downloaded or block websites.
The NSA called its Facebook hacking program QUANTUMHAND. According to the documents, it utilizes a “man-on-the-side” attack, which fools your computer into thinking it’s accessing Facebook, when the packets are in fact being sent from NSA servers mimicking Facebook. The disguised packets are full of NSA data, which the agency uses to commandeer your computer, and a top-secret video animation the NSA made explains how it works.
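A man-on-the-side sender can add packets to a connection but cannot remove the genuine ones, so the client ends up receiving two different payloads for the same TCP sequence range. The following is an added example (not from the article or the leaked documents) that flags that condition over constructed segment records; the `Segment` fields, addresses and TTL values are illustrative assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    flow: tuple      # (src_ip, src_port, dst_ip, dst_port), server-to-client direction
    seq: int         # TCP sequence number of the first payload byte
    payload: bytes
    ttl: int         # IP TTL as observed at the client (context only)

def find_conflicting_segments(segments):
    """Return one finding per segment whose bytes disagree with data already
    seen at the same sequence positions in the same flow. Identical
    retransmissions are benign and are not reported."""
    seen = defaultdict(dict)              # flow -> {sequence position: (byte, ttl)}
    findings = []
    for seg in segments:
        stream = seen[seg.flow]
        conflict_at, first_ttl = None, None
        for offset, byte in enumerate(seg.payload):
            pos = (seg.seq + offset) % 2**32      # sequence numbers wrap at 2^32
            if pos in stream:
                if stream[pos][0] != byte and conflict_at is None:
                    conflict_at, first_ttl = pos, stream[pos][1]
            else:
                stream[pos] = (byte, seg.ttl)     # first arrival wins, as in a TCP stack
        if conflict_at is not None:
            findings.append({"flow": seg.flow, "seq": conflict_at,
                             "ttl_first": first_ttl, "ttl_second": seg.ttl})
    return findings

# Constructed sample data (documentation address ranges, not real traffic).
FLOW = ("203.0.113.10", 80, "198.51.100.7", 49152)
OTHER = ("203.0.113.20", 80, "198.51.100.7", 49153)
SAMPLE = [
    Segment(FLOW, 1000, b"HTTP/1.1 302 Found\r\n", 61),     # arrives first
    Segment(FLOW, 1000, b"HTTP/1.1 200 OK\r\n\r\n", 52),    # same seq, different bytes
    Segment(OTHER, 5000, b"HTTP/1.1 200 OK\r\n", 52),
    Segment(OTHER, 5000, b"HTTP/1.1 200 OK\r\n", 52),       # identical retransmission
]

if __name__ == "__main__":
    for finding in find_conflicting_segments(SAMPLE):
        print("conflicting data at seq", finding["seq"], "in flow", finding["flow"],
              "TTLs:", finding["ttl_first"], "vs", finding["ttl_second"])
```

A differing TTL between the two arrivals is only supporting context, since the conflict in payload bytes is what the check reports.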
The program was up and running in October 2010, according to the leaked documents, and was tested on a dozen subjects. Facebook offers encrypted data transfers via HTTPS, which makes hacking more difficult, but HTTPS was an opt-in feature that was only globally adopted on the site for all users last year. Facebook told The Intercept that they had no idea that the NSA was using this exploit.
The infrastructure behind the hacking programs is run out of NSA’s Maryland headquarters, with hubs in Japan and England.
Such surveillance was previously aimed at a select handful of high-value targets and carried out by human agents. The programs represent a technical leap forward by the agency, with the new capabilities able to target millions. The Intercept story said that until 2004, the NSA could only target 100 to 150 people with the implants. Now its own “Expert System” infrastructure manages and implements implants. Designed to work “like the brain,” the program decides how to best carry out hacking and cyberattacks.
The news will no doubt worsen an already-tense relationship that the US’s tech giants have with the NSA. The agency’s PRISM program, the second Snowden revelation, relied on a partnership with Google, Apple, Facebook, Microsoft, Skype and others to siphon web traffic for analysis by the NSA. Fearing their security reputations would be further compromised, the tech companies sought to clarify their roles in the days after the scandal erupted, saying they had not, in fact, given the NSA access to their company servers. The furor resulted in a closed-door tech summit with the Obama administration, where corporate representatives voiced their displeasure with how the NSA was working.
Today’s TURBINE revelation of automated spying bears on another criticism the NSA had sought to dampen: whether it provides adequate oversight for its spying programs.
One defense the NSA has offered for PRISM is that it operated with oversight, and didn’t allow agents to pursue lines of inquiry that were more than three degrees (or “hops”) removed from a targeted suspect. An internal audit leaked by Snowden last summer revealed that the agency broke its own rules thousands of times within the span of a year between April 2011 and March 2012. While that was a blow to the NSA’s claims, automated spying with no oversight should further weaken their position that the spy agency is acting responsibly.
The irony, of course, is that Facebook has consistently been a lightning rod for user privacy concerns, both on the front end, where the site historically did not give users enough options to decide who got to see what information, and in its policies on user data, how it could be stored, and to what ends it could be used.
It should be interesting to see how Facebook responds, now that the NSA has seemingly forced it to put out another fire.
The NSA offered no comment on the story, deferring to a January presidential directive that states that the NSA will only engage in foreign signal intelligence “exclusively where there is a foreign intelligence or counterintelligence purpose.” No word on whether automated spying and hacking Facebook fits that definition, according to the NSA.