New Documents Show NSA Uses Fake Facebook Profiles To Spread Malware
NSA leaker Edward Snowden, currently living in political asylum in Russia, appeared via video feed to speak to a crowd of tech community members at this year’s South by Southwest conference. Snowden covered several topics regarding Internet security and the NSA throughout his question-and-answer panel, but the whistleblower still has yet to release many of his documents detailing the covert practices carried out by his former government agency.
According to a new report from the Washington Times, one such NSA practice consists of hacking into individuals’ Facebook profiles and using malware bots to extract data. This information was found in a 2009 NSA slide presentation, released by The Intercept.
The Intercept claims the following: “In some cases the NSA has masqueraded as a fake Facebook server, using the social-media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyber attacks by corrupting and disrupting file downloads or denying access to websites.”
This statement means that the NSA has lured Facebook users to fake profiles in order to gain access to their computers, data and hard drives. This practice can have far-reaching implications throughout the world, especially since Facebook is such a widely-used social network. This practice, then, does not just affect United States citizens under the jurisdiction of the federal government agency.
Still, Facebook denies that the U.S. government has been carrying out such a practice. A Facebook spokesman explained that the site now only uses secure servers.
“We have no evidence of this alleged activity. In any case, this method of network level disruption does not work for traffic carried over HTTPS, which Facebook finished integrating by default last year. If government agencies have privileged access to network service providers, any site running only HTTP could conceivabbly have its traffic misdirected,” the Facebook spokesman said.
Regardless of whether or not Facebook is aware of the practice, Snowden has urged large tech companies like Facebook and Google to refrain from collecting so much data involving its users. Speaking at SXSW, Snowden claimed that the revenue model for many online businesses is misguided, as companies succeed by collecting data and retuning targeted advertisements toward individuals. If the federal government then demands that data be handed over, companies like Facebook would remit a wealth of information regarding specific users.