Author Topic: NSA Used Facebook As a Trojan Horse to Infect Targets with Malware  (Read 978 times)


Offline mountaineer

Nitasha Tiku writes at Valleywag:
Quote
Glenn Greenwald's Snowden files are like the bottomless mimosas of cyber-security scares. The latest dispatch from The Intercept describes how the National Security Agency exploited Silicon Valley by disguising itself as a fake Facebook server in order to infect targeted computers with malware.

Through these "implants," the NSA was able to "siphon out data from foreign Internet and phone networks."

In a way, the government agency sounds like any other startup. They developed this "groundbreaking surveillance technology" to optimize hacking into computers undetected. They also built an automated system codenamed TURBINE to truly scale spying by reducing "the level of human oversight in the process." Automating the implant process, you see, enables the NSA to potentially infect millions of computers worldwide!

Wearing a friendly Facebook mask also helped:
Quote
In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target's computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer's microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

According to one top-secret document from 2012, the agency used to use spam emails to get targets to click on "malicious links" that activated a "back-door implant." But Internet users are not as gullible as they once were, so the NSA had to hit them where they hang out online:
Quote
In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target's computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.
  ...

Click on link for full story and more internal links
Support Israel's emergency medical service. afmda.org

Oceander

  • Guest
Re: NSA Used Facebook As a Trojan Horse to Infect Targets with Malware
« Reply #1 on: March 13, 2014, 02:04:23 pm »
More from the story:

Quote
Spokesperson Jay Nancarrow told The Intercept that Facebook had "no evidence of this alleged activity." Facebook is less vulnerable to malware attacks now that it offers users HTTPS encryption, but that was only implemented last year.

That's nice, but it doesn't do anything to prevent attacks using a fake server, and in any event we already have information courtesy of Snowden that the NSA systematically attacked and weakened the encryption systems used by the internet to make it easier for them to decrypt transmissions.

Offline mountaineer

Re: NSA Used Facebook As a Trojan Horse to Infect Targets with Malware
« Reply #2 on: March 13, 2014, 02:26:00 pm »
Los Angeles Times story:
Quote
NSA posed as Facebook to infect computers with malware
By Salvador Rodriguez
March 12, 2014, 11:34 a.m.

 

The National Security Agency has reportedly used automated systems to infect user computers with malware since 2010, according to a Wednesday report. And at times the agency pretended to be Facebook to install its malware.

The NSA has been using a program codenamed TURBINE to contaminate computers and networks with malware "implants" capable of spying on users, according to The Intercept, which cited documents provided by whistleblower Edward Snowden.

Between 85,000 and 100,000 of these implants have been deployed worldwide thus far, the report said.

To infect computers with malware, the NSA has relied on various tactics, including posing as Facebook.

The federal agency performed what is known as a "man-on-the-side" attack in which it tricked users' computers into thinking that they were accessing real Facebook servers. Once the user had been fooled, the NSA hacked into the user's computer and extracted data from their hard drive.

Facebook said it had no knowledge of the NSA's TURBINE program, according to the National Journal. However, the social network said it is no longer possible for the NSA or hackers to attack users that way, but Facebook warned that other websites and social networks may still be vulnerable to those types of attacks. ...


Read the rest of the story