NSA pretended to be Facebook in its effort to infect ‘millions’ of computers

facebook eyeDigital Trends – by Andrew Couts

Well, this is just special. As part of its efforts to install malware on “millions” of computers worldwide, the National Security Agency impersonated Facebook to trick targets into downloading malicious code.

“In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive,” reports The Intercept in its latest on top-secret documents obtained by Edward Snowden. “In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.”  

The Facebook trick was called QUANTUMHAND by the NSA, and was initially tested on “about a dozen targets” before being launched on a larger scale in 2010, the documents show.

What began as a way to hit “hart-to-reach” targets – around 100 to 150 of them, as of 2004 – the NSA’s malware-spreading efforts have since proliferated to potentially millions of computers around the globe using an automated system known internally as TURBINE. Using TURBINE, documents reveal, gave members of the NSA’s Tailored Access Operations (TAO) unit the ability to tap into, or destroy, computers on a massive scale.

Here’s how The Intercept’s Ryan Gallagher and Glenn Greenwald describe some of the various tailored malware the NSA deploys into targeted machines:

One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer.

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.

The documents also indicate that some of these viruses disable targets’ ability to use encryption software to mask Internet activity or send emails privately. This and other malware efforts are part of what the NSA documents call its “Owning the Net” program.

Read more: http://www.digitaltrends.com/web/nsa-pretended-facebook-spread-malware/#ixzz2vrESJKcY
Follow us: @digitaltrends on Twitter | digitaltrendsftw on Facebook

4 thoughts on “NSA pretended to be Facebook in its effort to infect ‘millions’ of computers

  1. I know a lot of people that have a facebook page, and I had started one to talk with family that is away, against my wishes. I never added anything to it, then I deleted it. Thank God!!! It just makes it easier on “them” to track everything you do, it puts all your info at their fingertips. Stay away from all social media!!!!

    1. Hey Missy. wife uses it for communication with a few family friends. told her to not post any profile info or anything else. she gets on it about once every 2 wks. I dont belong to any social media accept for skype to communicate with a family member. However i see to it that nothing malignant is discussed. i have always felt that social media is an info gatherer.

  2. I treat ALL the social media like 7UP….

    Never have, never will.
    (from an old commercial, in case you’re lucky enough to be too young to remember it).

    I don’t consider FTT to be a social media, at least not within the context of their frame of reference.

Join the Conversation

Your email address will not be published. Required fields are marked *


*