The NSA Has Impersonated Facebook to Spread Malware

By Adam Clark Estes

So the NSA is spying on you. You've known that for quite some time now. What you might not know much about is exactly how they're doing it, and a new report from Ryan Gallagher and Glenn Greenwald offers up some pretty grisly details about the agency's worldwide, automated malware network.

For instance: the NSA pretends to be Facebook sometimes. As Gallagher and Greenwald report: "In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target's computer and exfiltrate files from a hard drive". That's a little extra worrisome when you consider the fact that Facebook has 'Like' buttons spread across the entire internet, giving the NSA that many more chances for its malware to burrow into your hard drive.

This effort and the others described in the report are led by the NSA's elite Tailored Access Operations (TAO) unit. We've heard about this unit before. Last year, Der Spiegel published an exposé on TAO, which one Gizmodo writer described as a "premier ninja hacking squad." The new report has some new details, including some on the specific tools the NSA uses to spy on you and your friends… and potential terrorists, too:

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer's microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer's webcam and snap photographs. FOGGYBOTTOM records logs of internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.

So again, we knew that the NSA could tap into your computer's microphone. We also knew that the agency could access your camera and your login details. The keystroke-logging thing actually sounds new, but nothing is surprising any more. The really alarming thing is just how detailed and well thought out this whole malware infection project has been. Didn't it cross anyone's mind that masquerading as a Facebook server might be a bad idea?

There are no bad ideas at the NSA. Or so it seems. [The Intercept]