{"id":41060,"date":"2014-03-17T12:00:43","date_gmt":"2014-03-17T12:00:43","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=41060"},"modified":"2015-05-05T22:10:57","modified_gmt":"2015-05-05T21:10:57","slug":"compare-the-nsas-facebook-malware-denial-to-its-own-secret-documents","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2014\/03\/compare-the-nsas-facebook-malware-denial-to-its-own-secret-documents\/","title":{"rendered":"Compare the NSA\u2019s Facebook Malware Denial to Its Own Secret Documents"},"content":{"rendered":"<div id=\"attachment_41061\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/03\/facebook-nsa-malaware.png\" ><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-41061\" class=\"size-medium wp-image-41061\" alt=\"A top-secret NSA presentation reveals how the agency used Facebook to hack into targeted computers for surveillance.\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/03\/facebook-nsa-malaware-300x224.png\" width=\"300\" height=\"224\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/03\/facebook-nsa-malaware-300x224.png 300w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/03\/facebook-nsa-malaware.png 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-41061\" class=\"wp-caption-text\">A top-secret NSA presentation reveals how the agency used Facebook to hack into targeted computers for surveillance.<\/p><\/div>\n<p>On Wednesday [12 Mar 2014], Glenn Greenwald and I <a target=\"_blank\" href=\"https:\/\/firstlook.org\/theintercept\/article\/2014\/03\/12\/nsa-plans-infect-millions-computers-malware\/\" >revealed new details<\/a> about the National Security Agency\u2019s efforts to radically expand its ability to hack into computers and networks across the world. 
The story has received a lot of attention, and one detail in particular has sparked controversy: specifically, that the NSA secretly pretended to be a fake Facebook server in order to covertly infect targets with <a href=\"http:\/\/www.techterms.com\/definition\/malware\"  target=\"_blank\">malware<\/a> \u201cimplants\u201d used for surveillance.<\/p>\n<p>This revelation apparently infuriated Facebook founder Mark Zuckerberg so much that he <a target=\"_blank\" href=\"http:\/\/www.politico.com\/story\/2014\/03\/mark-zuckerberg-barack-obama-nsa-104645.html\" >got on the phone<\/a> to President Barack Obama to complain about it. \u201cI\u2019ve been so confused and frustrated by the repeated reports of the behavior of the US government,\u201d Zuckerberg wrote in <a target=\"_blank\" href=\"https:\/\/www.facebook.com\/zuck\/posts\/10101301165605491\" >a blog post Thursday<\/a>. \u201cWhen our engineers work tirelessly to improve security, we imagine we\u2019re protecting you against criminals, not our own government.\u201d<\/p>\n<p>That wasn\u2019t all. 
<i>Wired<\/i> <a target=\"_blank\" href=\"http:\/\/www.wired.com\/opinion\/2014\/03\/quantum\/\" >ran a piece<\/a> saying that the NSA\u2019s widespread use of its malware tools \u201cacts as implicit permission to others, both nation-state and criminal.\u201d <i>Slate<\/i> <a target=\"_blank\" href=\"http:\/\/www.slate.com\/blogs\/future_tense\/2014\/03\/12\/nsa_tailored_access_operations_turbine_surveillance_looking_less_targeted.html\" >noted<\/a> that the NSA\u2019s hacking platform appears to be \u201cbecoming a bit more like the un-targeted dragnets everyone has been so upset about.\u201d Meanwhile, <i>Ars Technica<\/i> <a target=\"_blank\" href=\"http:\/\/arstechnica.com\/information-technology\/2014\/03\/nsas-automated-hacking-engine-offers-hands-free-pwning-of-the-world\/\" >wrote<\/a> that the surveillance technology we exposed \u201cposes a risk to the entire Internet.\u201d<\/p>\n<p>In response, the NSA has attempted to quell the backlash by putting out a <a target=\"_blank\" href=\"https:\/\/twitter.com\/NSA_PAO\/status\/444198802694889472\" >public statement<\/a> dismissing what it called \u201cinaccurate\u201d media reports. The agency denied that it was \u201cimpersonating U.S. 
social media or other websites\u201d and said that it had not \u201cinfected millions of computers around the world with malware.\u201d The statement follows a trend that has <a target=\"_blank\" href=\"http:\/\/www.emptywheel.net\/2013\/10\/30\/nsa-non-denial-denial-241352052\/\" >repeatedly<\/a> <a target=\"_blank\" href=\"https:\/\/www.techdirt.com\/articles\/20131023\/10140424982\/james-clapper-plays-more-word-games-official-denial-french-phone-data-collection-leak.shtml\" >been<\/a> <a target=\"_blank\" href=\"http:\/\/notes.rjgallagher.co.uk\/2014\/02\/canada-wifi-airports-surveillance-denial-csec-snowden.html\" >seen<\/a> in the aftermath of major disclosures from documents turned over by NSA whistleblower Edward Snowden, in which the NSA or one of its implicated allies issues a carefully worded non-denial denial that on the face of it seems to refute an allegation but on closer inspection does not refute it at all.<\/p>\n<p>Prior to publishing our story, we asked the NSA to explain its use of Facebook to deploy malware as part of a top-secret initiative codenamed QUANTUMHAND. The NSA declined to answer all of our questions or offer context for the documents. We went into meticulous detail in our report, which went through a rigorous fact-checking process because of the gravity of the revelations. 
What we reported, accurately, was that the Snowden files showed how the agency had in some cases \u201cmasqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target\u2019s computer and exfiltrate files from a hard drive.\u201d The source for that detail was not plucked from thin air; it was rooted in multiple <a target=\"_blank\" href=\"https:\/\/firstlook.org\/theintercept\/document\/2014\/03\/12\/one-way-quantum\/\" >documents<\/a> that refer to the technique in action, including the <a target=\"_blank\" href=\"http:\/\/vimeo.com\/88822483\" >internal NSA animation<\/a> that we published.<\/p>\n<p>A particular short excerpt from one of the classified documents, however, has taken on new significance due to the NSA\u2019s statement. The excerpt is worth drawing attention to here because of the clarity of the language it uses about the Facebook tactic and the light it shines on the NSA\u2019s denial. Referencing the NSA\u2019s Quantum malware initiative, the document, dated April 2011, explains how the NSA \u201cpretends\u201d to be Facebook servers to deploy its surveillance \u201cimplants\u201d on target\u2019s computers:<\/p>\n<p><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/03\/nsa-quantumhand-server.png\" ><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-41062\" alt=\"nsa quantumhand-server\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/03\/nsa-quantumhand-server-300x91.png\" width=\"300\" height=\"91\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/03\/nsa-quantumhand-server-300x91.png 300w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2014\/03\/nsa-quantumhand-server.png 844w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>It is difficult to square the NSA secretly saying that it \u201cpretends to be the Facebook server\u201d while publicly claiming that it \u201cdoes not use its 
technical capabilities to impersonate U.S. company websites.\u201d Is the agency making a devious and unstated distinction in its denial between \u201cwebsites\u201d and \u201cservers\u201d? Was it deliberate that the agency used the present tense \u201cdoes not\u201d in its denial as opposed to the past tense \u201cdid not\u201d? Has the Facebook QUANTUMHAND technique been shut down since our report? Either way, the language used in the NSA\u2019s public statement seems highly misleading \u2013 which is why <a target=\"_blank\" href=\"http:\/\/arstechnica.com\/tech-policy\/2014\/03\/nsa-says-indiscriminate-facebook-hacking-allegations-are-simply-false\/\" >several<\/a> <a target=\"_blank\" href=\"http:\/\/www.theregister.co.uk\/2014\/03\/14\/nsa_denies_spoofing_companies_in_surveillance_work\/\" >tech<\/a> <a target=\"_blank\" href=\"http:\/\/www.techdirt.com\/articles\/20140313\/18534726575\/nsa-denies-everything-about-latest-intercept-leak-including-denying-something-that-was-never-claimed.shtml\" >writers<\/a> have rightly treated it with skepticism.<\/p>\n<p>The same is true of the NSA\u2019s denial that it has not \u201cinfected millions of computers around the world with malware\u201d as part of its hacking efforts. Our report never actually accused the NSA of having achieved that milestone. Again, we reported exactly what the NSA\u2019s own documents say: that the NSA is<b> <\/b>working to<b> \u201c<\/b>aggressively scale\u201d its computer hacking missions and has built a system called TURBINE that it <a target=\"_blank\" href=\"https:\/\/prod01-cdn02.cdn.firstlook.org\/wp-uploads\/sites\/1\/2014\/03\/intelligent-command-and-control.jpg\" >explicitly states<\/a> will \u201callow the current implant network to scale to large size (<i>millions of implants<\/i>).\u201d Only a decade ago, the number of implants deployed by the NSA was in the hundreds, according to the Snowden files. 
But the agency now reportedly manages a network of between <a target=\"_blank\" href=\"http:\/\/www.washingtonpost.com\/world\/national-security\/us-spy-agencies-mounted-231-offensive-cyber-operations-in-2011-documents-show\/2013\/08\/30\/d090a6ae-119e-11e3-b4cb-fd7ce041d814_story.html\" >85,000<\/a> and <a target=\"_blank\" href=\"http:\/\/www.nytimes.com\/2014\/01\/15\/us\/nsa-effort-pries-open-computers-not-connected-to-internet.html?_r=1\" >100,000<\/a> implants in computer systems <a target=\"_blank\" href=\"http:\/\/www.nrc.nl\/nieuws\/2013\/11\/23\/nsa-infected-50000-computer-networks-with-malicious-software\/\" >worldwide<\/a> \u2013 and, if TURBINE\u2019s capabilities and the NSA\u2019s own documents are anything to go by, it is intent on substantially increasing those numbers.<\/p>\n<p>The rapid proliferation of these hacking techniques in the past decade, under cover of intense secrecy, is extraordinary and unprecedented. The NSA insists in its denial that its hacking efforts are not \u201cindiscriminate.\u201d Yet how the agency defines \u201cindiscriminate\u201d in this context remains unclear. <i>The Intercept<\/i> asked the NSA to clarify some of these issues for this post. Does the agency deny that it has used the QUANTUMHAND method to pretend to be a Facebook <i>server<\/i> in order to deploy malware implants? How does the NSA distinguish \u201cindiscriminate\u201d from \u201cdiscriminate\u201d? In what specific legal, policy, and operational context does the implants system function? The agency declined to answer all of these questions. 
Instead, spokeswoman Vanee\u2019 Vines said that the NSA stood by its original statement, adding only that \u201cunauthorized and selective publication\u201d of the documents \u201cmay lead to incorrect assumptions.\u201d<\/p>\n<p>The NSA\u2019s outgoing chief has <a target=\"_blank\" href=\"http:\/\/www.usnews.com\/news\/articles\/2013\/10\/08\/nsa-director-welcomes-surveillance-transparency-oversight\" >claimed<\/a> that the agency supports increased transparency in the wake of the Snowden leaks \u2013 but its response to the latest disclosures illustrates that it is failing to live up to that commitment. If the NSA truly wants to gain citizens\u2019 trust, it should rethink its slippery public relations strategy. A good first step would be to stop issuing dubious denials that seem to sit so starkly at odds with what its officials were saying in secret when they thought nobody would ever learn about what they were doing.<\/p>\n<p>__________________________<\/p>\n<p><i>Ryan Gallagher is a Scottish journalist whose work at <\/i><em>The Intercept<\/em><i> is focused on government surveillance, technology, and civil liberties. His journalism has appeared in publications including <\/i><em>Slate<\/em><i>, the<\/i><em> Guardian<\/em><i>, <\/i><em>Ars Technica<\/em><i>, <\/i><em>Huffington Post<\/em><i>, the <\/i><em>Sydney Morning Herald<\/em><i>, the <\/i><em>Financial Times<\/em><i>, the <\/i><em>Independent<\/em><i>, and the <\/i><em>New Statesman<\/em><i>. Since 2011, Ryan has broken a series of national and international stories about controversial surveillance technologies, shining a light on spy agencies and uncovering links between Western technology firms and governments in repressive countries. 
He took home an award for his reporting at the 2013 Information Security Journalism Awards and he has received acclaim for his writing on a diverse range of subjects, encompassing everything from the FBI\u2019s attempted infiltration of WikiLeaks to mass protests in Madrid and homelessness in England. Most recently, Ryan has been reporting from Rio de Janeiro on the cache of secret files leaked by former National Security Agency contractor Edward Snowden.<\/i><\/p>\n<p><a target=\"_blank\" href=\"https:\/\/firstlook.org\/theintercept\/2014\/03\/15\/nsa-facebook-malware-turbine-non-denial-denial\/\" >Go to Original \u2013 firstlook.org<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Wednesday [12 Mar 2014], Glenn Greenwald and I revealed new details that the NSA secretly pretended to be a fake Facebook server in order to covertly infect targets with malware \u201cimplants.\u201d  This revelation apparently infuriated Facebook founder Mark Zuckerberg so much that he got on the phone to President Barack Obama to complain about 
it.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-41060","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/41060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=41060"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/41060\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=41060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=41060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=41060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}