US National Security Agency

NSA posed as Facebook to infect computers with malware, says report

PUBLISHED : Thursday, 13 March, 2014, 11:11pm
UPDATED : Friday, 14 March, 2014, 4:01am

The United States' National Security Agency has reportedly used automated systems to infect computers with malware since 2010, with the agency at times pretending to be Facebook to install its spying tools.

The NSA has been using a program codenamed Turbine to contaminate computers and networks with malware "implants" capable of spying on users, according to news website The Intercept, which cited documents provided by whistle-blower Edward Snowden.

Between 85,000 and 100,000 of these implants had been deployed worldwide thus far, the report said.

The federal agency performed what is known as a "man-on-the-side" attack, in which it tricked users' computers into thinking that they were accessing real Facebook servers.

Once the user had been fooled, the NSA hacked into the user's computer and extracted data from the hard drive.

Facebook said it had no knowledge of the NSA's Turbine program, according to the National Journal. It said it was no longer possible for the NSA or hackers to attack users that way, but Facebook warned that other websites and social networks may still be vulnerable to those types of attacks.

"This method of network-level disruption does not work for traffic carried over HTTPS, which Facebook finished integrating by default last year," Facebook told the National Journal. "If government agencies indeed have privileged access to network service providers, any site running only HTTP could conceivably have its traffic misdirected."

Other ways the NSA infects computers with malware include sending out spam e-mails.

The NSA is capable of installing different kinds of malware, each capable of performing different tasks.

According to the report, certain malware can use a computer's microphone to record audio and webcam to take photos; record a computer's internet browsing history; record login details and passwords used for web services; log users' keystrokes; and extract data from flash drives when they are plugged into infected computers.

When the NSA first began infecting computers with malware in 2004, it would do so manually, according to the report. At that time, only between 100 and 150 implants had been deployed.