NSA infects computers with malware using faked Facebook


NSA: Riding on Facebook's horse tail.

The U.S. National Security Agency (NSA) is once again close to denying reports that it is indiscriminately monitoring every computer on planet Earth. This time, the freshest, newest, most recent report of NSA mass-surreptitiousness (courtesy Edward Snowden -- ta) alleges the sneaky agency infects computers with malware via a fake Facebook (NASDAQ:FB) login page.

In IT Blogwatch, bloggers play keep-away with the man-in-the-middle.

Filling in for our humble blogwatcher Richi Jennings, is a humbler Stephen Glasskeys.


Lucian Constantin works hard to control everything:

The [NSA] has reportedly been working for the past several years...to infect computers with surveillance malware and creating a command-and-control infrastructure capable of managing millions of compromised systems at a time.  MORE


But Grant Gross is sick of infected computers:

U.S. lawmakers had a chance to pose questions to the director of the [NSA] on Wednesday but declined to ask him about...agency plans to install malware on millions of computers.  MORE


And Ryan Gallagher and Glenn Greenwald intercept implants:

[Classified files provided by] NSA whistleblower Edward Snowden contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware "implants."


The automated system -- codenamed TURBINE -- is designed to "allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually."  MORE


Causing turmoil, Iain Thomson identifies targets:

TURBINE was active from at least July 2010...documents state, and has infected up to 100,000 devices and machines, with more planned.


TURBINE also links into a NSA sensor system dubbed TURMOIL, which taps into computer networks...to monitor data traffic and identify potential targets.  MORE


Cyberpunk Stephen Shankland gets an implant:

Getting implants onto machines involved an array of deceptions: fake Facebook Web pages, spam emails, [and] man-in-the-middle attacks that would "shoot" bogus data at a target's computer when the NSA detected it was visiting a Web site the NSA could spoof.  MORE


And Kevin Poulsen gets jealous:

The NSA doesn't just hack foreign computers. It also piggybacks on the work of professional for-profit hackers, taking over entire networks of already-hacked machines and using them for their own purposes.  MORE


Joshua Kopstein shoots, misses, and scores:

[Reports of TURBINE suggest] that the NSA's tailored-access platform is becoming a bit more like the un-targeted dragnets everyone has been so upset about...stuff like the mass-collection of phone metadata, [and] tapping of undersea Internet cables.  MORE


Meanwhile, Matt Swider denies everything:

Simply logging into Facebook, or what you thought was Facebook, could have been enough to open your computer up to the [NSA's] eavesdropping schemes.


Facebook denied knowledge of this NSA "man in the middle" spy program and [said] that this sort of malware attack method is no longer viable.  MORE

Computerworld Blogs Newsletter

Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.  

Copyright © 2014 IDG Communications, Inc.

Shop Tech Products at Amazon