
Wed Mar 12, 2014, 11:48 AM

The NSA reportedly poses as Facebook to spread malware

After failing to infect targets with malware in spam emails, the U.S. National Security Agency has reportedly turned to Facebook.

According to a report by The Intercept, the NSA “disguises itself as a fake Facebook server” to perform “man-in-the-middle” and “man-on-the-side” attacks and spread malware. The Intercept is the first in a series of publications created by Pierre Omidyar’s First Look Media.

Journalists Ryan Gallagher and Glenn Greenwald claim that Facebook users are tricked into visiting “what looks like an ordinary Facebook page.” From there, they claim, “the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive.”

Facebook did not immediately respond to VentureBeat’s request for comment on the news. The Intercept offers the following details from Facebook:

Facebook spokesman Jay Nancarrow said the company had “no evidence of this alleged activity.” He added that Facebook implemented HTTPS encryption for users last year, making browsing sessions less vulnerable to malware attacks.

A purportedly official animation, uploaded on Vimeo, reveals how the NSA conducts the Facebook hack:


http://venturebeat.com/2014/03/12/the-nsa-reportedly-poses-as-facebook-to-spread-malware/


NSA surveillance initiative named “Owning the Net.”



Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers.

The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.”

The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”


Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.

To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second.

In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.

https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/


Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”


http://www.f-secure.com/en/web/home_us/home?s_tnt=48484:1:0

26 replies, 1246 views
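
Added example, not part of the original post or the quoted articles: the man-on-the-side technique quoted above races an injected reply against the real server's, so a network monitor sees the same TCP sequence range arrive twice with different bytes. The Python below flags that pattern over a constructed capture; the record layout, addresses and function names are assumptions, and sequence-number wraparound is not handled.

```python
from collections import defaultdict, namedtuple

# Hypothetical record layout for already-parsed TCP data segments.
Segment = namedtuple("Segment", "ts src sport dst dport seq payload")
Finding = namedtuple("Finding", "flow seq first_ts second_ts gap_ms")

def overlap_differs(a, b):
    """True if a and b cover common sequence numbers with different bytes."""
    start = max(a.seq, b.seq)
    end = min(a.seq + len(a.payload), b.seq + len(b.payload))
    if start >= end:
        return False  # no shared sequence range
    return a.payload[start - a.seq:end - a.seq] != b.payload[start - b.seq:end - b.seq]

def find_conflicting_segments(segments):
    """Flag flows where one sequence range arrives twice with different content.

    A plain retransmission repeats identical bytes and is ignored.
    """
    seen = defaultdict(list)  # one-directional flow -> data segments so far
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue  # pure ACKs carry no data to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        for prev in seen[flow]:
            if overlap_differs(prev, seg):
                gap = round((seg.ts - prev.ts) * 1000, 1)
                findings.append(Finding(flow, max(prev.seq, seg.seq), prev.ts, seg.ts, gap))
                break
        seen[flow].append(seg)
    return findings

# Constructed sample capture (documentation addresses, not real traffic).
SERVER, CLIENT = "203.0.113.10", "198.51.100.7"
SAMPLE = [
    # Two different replies claiming the same sequence number, 18 ms apart.
    Segment(1.000, SERVER, 80, CLIENT, 50123, 1000, b"HTTP/1.1 302 Found\r\nLocation: http://injected.example/\r\n\r\n"),
    Segment(1.018, SERVER, 80, CLIENT, 50123, 1000, b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    # Benign retransmission on another flow: same seq, same bytes.
    Segment(2.000, SERVER, 80, CLIENT, 50200, 5000, b"HTTP/1.1 200 OK\r\n\r\nhello"),
    Segment(2.300, SERVER, 80, CLIENT, 50200, 5000, b"HTTP/1.1 200 OK\r\n\r\nhello"),
]

if __name__ == "__main__":
    for f in find_conflicting_segments(SAMPLE):
        print(f"conflict on {f.flow} at seq {f.seq}: second copy {f.gap_ms} ms later")
```

With HTTPS, as the Facebook spokesman's statement in the post notes, a forged segment cannot carry valid page content, which is why this check matters most for plaintext HTTP flows.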

Replies to this discussion thread
Ichingcarpenter Mar 2014 OP
G_j Mar 2014 #1
jsr Mar 2014 #2
Ichingcarpenter Mar 2014 #4
WhaTHellsgoingonhere Mar 2014 #18
LiberalEsto Mar 2014 #3
Ichingcarpenter Mar 2014 #6
jsr Mar 2014 #5
Maedhros Mar 2014 #16
randome Mar 2014 #7
Ichingcarpenter Mar 2014 #9
randome Mar 2014 #10
questionseverything Mar 2014 #11
randome Mar 2014 #12
ancianita Mar 2014 #15
hootinholler Mar 2014 #17
randome Mar 2014 #24
hootinholler Mar 2014 #26
Rex Mar 2014 #25
questionseverything Mar 2014 #8
DJ13 Mar 2014 #13
IDemo Mar 2014 #14
PhilSays Mar 2014 #19
erronis Mar 2014 #21
ChisolmTrailDem Mar 2014 #20
WillyT Mar 2014 #22
woo me with science Mar 2014 #23

Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 11:52 AM

1. I saw the name Greenwald

so I am going to ignore this story...



Response to G_j (Reply #1)

Wed Mar 12, 2014, 11:54 AM

2. +1



Response to G_j (Reply #1)

Wed Mar 12, 2014, 11:57 AM

4. Well I saw the name Snowden so

I'm gonna ignore that you are going to ignore.


So there




Response to G_j (Reply #1)

Wed Mar 12, 2014, 02:44 PM

18. LOL!

and we know it's not legit because someone who has spent any time surfing the net would have named the operation "pwning the Net".



Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 11:54 AM

3. This is sickening

It seems to me that the NSA should be substantially shrunk and weakened, but who among our elected officials has the guts to try?



Response to LiberalEsto (Reply #3)

Wed Mar 12, 2014, 11:58 AM

6. One of the real issues with this

is that their constant growing crap could destroy the internet.



Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 11:58 AM

5. Do you trust Facebook or the NSA?

Hard to decide, ain't it?



Response to jsr (Reply #5)

Wed Mar 12, 2014, 02:25 PM

16. Neither.

Although Facebook (so far) lacks an enforcement arm that can arrest/imprison/torture/kill citizens, so they're the lesser evil here.



Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 12:12 PM

7. And does any of this have to do with legitimate law enforcement targets?

Funny how these scare-mongering journalists never pose that question.

I bet there are detectives somewhere who are right now listening in to someone's phone calls!

A ton of bricks, a ton of feathers. It's still gonna hurt.



Response to randome (Reply #7)

Wed Mar 12, 2014, 12:20 PM

9. legitimate law enforcement targets? How about Obama

the supreme court and Congress?


Russ Tice, Bush-Era Whistleblower, Claims NSA Ordered Wiretap Of Barack Obama In 2004

http://www.huffingtonpost.com/2013/06/20/russ-tice-nsa-obama_n_3473538.html



Response to Ichingcarpenter (Reply #9)

Wed Mar 12, 2014, 12:24 PM

10. Anyone can claim anything. Reference Ed Snowden.

Tice was unfairly treated by the Bush Administration. But every year or so he comes out now with a new revelation. He's starting to sound like someone trying to sell us something, IMO.

And none of this addresses my original point: why wouldn't a good journalist pose that question to his/her readers? Because his primary goal is to scare us.

A ton of bricks, a ton of feathers. It's still gonna hurt.



Response to randome (Reply #10)

Wed Mar 12, 2014, 12:34 PM

11. asked and answered

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”

“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”



Response to questionseverything (Reply #11)

Wed Mar 12, 2014, 12:40 PM

12. And I would agree that if they are randomly infecting millions of PCs, they should stop.

But just because a system can scale up to that level doesn't mean it is doing so. Hell, I could write a computer virus tomorrow and it would be capable of being deployed to millions of PCs. The potential is always there, that's part of the Information Age we live in.

They're still talking about 'control implants by groups'. What groups? A terrorist cell in Pakistan? A drug cartel in Mexico? Curious minds would want to know that so as to have a fuller picture.

A ton of bricks, a ton of feathers. It's still gonna hurt.



Response to Ichingcarpenter (Reply #9)

Wed Mar 12, 2014, 02:15 PM

15. Absolutely. The NSA can be shrunk by the president through his appointees.



Response to randome (Reply #7)

Wed Mar 12, 2014, 02:40 PM

17. LOL Why would they pose that question?

The NSA is not a law enforcement agency.

I also bet your detectives are operating under an actual warrant, and not a fishing license.



Response to hootinholler (Reply #17)

Wed Mar 12, 2014, 06:07 PM

24. There is nothing in the article that says they are using this capability on American citizens.

If you don't think the U.S. should spy on anyone, that's a valid opinion but not one that won't be shared by many.

They never ask supply this basic question: is what the NSA doing in this instance illegal? Most likely it isn't but why would a good journalist not at least throw that question out for our consideration? They don't want us to think about that for ourselves.

You should never stop having childhood dreams.



Response to randome (Reply #24)

Wed Mar 12, 2014, 07:38 PM

26. Oh I misinterpreted your post

I was thinking of NSA in a law enforcement meaning when you meant as a subject of investigation.

They can spy on the world, but they may not own the intertubes, which BTW, is a recently revealed goal of theirs.



Response to hootinholler (Reply #17)

Wed Mar 12, 2014, 07:35 PM

25. Well when one

voluntarily defends the NSA over every concern...they sometimes come out looking strange imo.



Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 12:18 PM

8. with intent to disrupt communications....

A man-in-the-middle attack is a similar but slightly more aggressive method that can be used by the NSA to deploy its malware. It refers to a hacking technique in which the agency covertly places itself between computers as they are communicating with each other.

This allows the NSA not only to observe and redirect browsing sessions, but to modify the content of data packets that are passing between computers.

The man-in-the-middle tactic can be used, for instance, to covertly change the content of a message as it is being sent between two people, without either knowing that any change has been made by a third party.



Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 01:15 PM

13. This leads to a question

Is there any malware scanner that can detect the malware used by the NSA?

Or are the scanner programmers compromised as well?



Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 01:26 PM

14. # Block Facebook (Windows Hosts)

# Block Facebook
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 www.static.ak.fbcdn.net
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 www.static.ak.connect.facebook.com



Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 02:45 PM

19. Smart tactic.

 

When they get the warrant, I'm sure it's very effective if the person connected to terrorism has a Facebook account.



Response to PhilSays (Reply #19)

Wed Mar 12, 2014, 02:55 PM

21. I hear OBL's facebook page is still waiting to be friended



Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 02:50 PM

20. Never mind what the NSA is doing! It's about Snowden and Greenwald tattling on them! nt



Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 06:00 PM

22. HUGE K & R !!! - Thank You !!!




Response to Ichingcarpenter (Original post)

Wed Mar 12, 2014, 06:03 PM

23. This is not mere political disagreement.



These people are fascists.
