The NSA has pretended to be a Facebook server in order to gain access to computers and steal data, according to the newest report based on the Edward Snowden leaks.
The Intercept report presents more details about National Security Agency tactics that involve installing malware on computers by using online trickery such as intercepting network traffic. (Previously, Der Speigel and the New York Times have reported that the NSA also has physically implanted malware, so the government can access even non-connected computers.)
Besides posing as Facebook, the documents indicate the NSA also has used spam emails to infect computers with malware and exploited security holes in Web browsers, as well as software plugins such as Flash and Java. In some cases, the government means to disrupt traffic and not necessarily siphon off data, the report says.
A Facebook spokesman noted that the social network implemented HTTPS encryption last year, and that the company has seen no evidence of the alleged NSA fakery, according to the Intercept.
Former government tech contractor Snowden this week said encryption works, and urged the tech industry to keep developing tools to thwart massive NSA surveillance. As Brandon Bailey wrote, Snowden calls technologists “the firefighters” battling government spy agencies that are “setting fire to the future of the Internet.”
But the government is pretty confident it can overcome many a technological obstacle, according to the documents examined by the Intercept, one of which quotes an agency hacker who said: “If we can get the target to visit us in some sort of Web browser, we can probably own them. The only limitation is the ‘how.’ ” And in fact, according to the documents, one broad NSA surveillance initiative is called “Owning the Net.”
Photo: The National Security Agency building at Fort Meade, Md. (Associated Press archives)