Report: NSA allegedly posed as Facebook to steal data

Tools

New documents have emerged that point to the U.S. National Security Agency impersonating Facebook servers to hack into and steal data from targeted computers. The process was depicted in a one minute "top secret" video that showed what is known as a man-on-the-side attack, one of several techniques used by the NSA to conduct its mass surveillance.

"NSA does not use its technical capabilities to impersonate U.S. company websites. Nor does NSA target any user of global Internet services without appropriate legal authority," says the NSA in its response to the allegations. "Reports of indiscriminate computer exploitation operations are simply false."

Of course, the carefully crafted response did not actually deny the attack, but merely states that everything was done in accordance to the "appropriate legal authority." According to a Facebook spokesman, the attack depicted in the video won't work now, due to the company enforcing the use of encryption since last year.

Facebook CEO Mark Zuckerberg isn't taking it lightly though, and has apparently called President Obama over the matter. In a public Facebook post on Thursday, Zuckerberg says that he was "confused and frustrated" by the behavior of the U.S. government.

"When our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government," he wrote. The post has since garnered over 25,000 shares and 200,000 likes at the time of writing.

The Fierce Take: This matter is relevant to enterprises, since employees will access external websites--including social networking sites--in the office. Computers may be wrongly targeted and have their data siphoned off, while other state actors could well replicate these attacks in a bid to make off with confidential technical knowhow.

For more:
- check out this blog at the Wall Street Journal
- check out this article at Ars Technica

Related Articles:
Snowden bested NSA with low-tech tool
How the FBI, NSA plant backdoors in commercial software

Filed Under