NSA Responds to Facebook and Malware Injection Report

NEWS ANALYSIS: Is the NSA impersonating Facebook to infect targets? One report alleges that it "masqueraded as a fake Facebook server" to get access to targets and infect them.

Once again, media reports have surfaced alleging that the U.S. National Security Agency is overstepping its authority and is using its technology to get data from Internet users around the world.

As has been the case since June 2013, the allegation about the NSA's activities is derived from data obtained from NSA whistleblower Edward Snowden. The most recent disclosure appeared in The Intercept, a new publication started by Glenn Greenwald, the journalist Snowden first met with to reveal NSA activities while Greenwald was working for the Guardian.

According to the report, the NSA has an effort code-named "Turbine" that seeks to infect users worldwide with malware in a bid to create a botnet that the NSA controls to exfiltrate information.

Going a step further, The Intercept report alleges that the NSA "masqueraded as a fake Facebook server" as a way to get access to targets and infect them.

It's an allegation that Facebook founder Mark Zuckerberg takes very seriously. In a post on Facebook, Zuckerberg expressed his frustration with the U.S. government over its surveillance activities. He noted that he also directly called President Obama to share his views.

"The U.S. government should be the champion for the Internet, not a threat," Zuckerberg wrote. "They need to be much more transparent about what they're doing, or otherwise people will believe the worst."

In a public statement issued by the NSA, the intelligence agency denied the allegations about widespread malware infection activities and defended its actions.

"NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities," the NSA stated. "NSA does not use its technical capabilities to impersonate U.S. company websites. Nor does NSA target any user of global Internet services without appropriate legal authority.

"Reports of indiscriminate computer exploitation operations are simply false," the NSA statement added.

What's important to note about the NSA statement is that the agency does not deny its technical capabilities; rather, it denies that it is using its capabilities in any indiscriminate and unlawful manner. We should not forget that the NSA currently considers its bulk metadata collection efforts, known as PRISM, to be lawful as well. The question of legality is a touchy one and one that the U.S. judicial authorities should ultimately decide.

Legality issues aside, the size of the Turbine botnet is non-trivial. Lucas Zaichkowsky, enterprise defense architect at AccessData, told eWEEK that previous leaked information from Snowden shows that an estimated 85,000 to 100,000 systems are compromised as a part of Turbine.

"That’s an extremely large botnet, so it surprises me that it hasn't been discovered," Zaichkowsky said. "It's possible that an already known botnet is actually Turbine."

As I've written before, when new NSA capabilities are revealed from the Snowden documents, none of us should really be surprised anymore. Simply put, the NSA has nearly every angle imaginable covered to infiltrate, collect and exfiltrate data from nearly whatever target it chooses.

What is surprising is that today, after eight months of regular disclosures from the Snowden files, there are still more things yet to be revealed and still more capabilities likely to be disclosed.

The process within the U.S. government to try to reform its intelligence efforts is already under way, and Obama has already made his position known. What remains to be seen is what changes will actually occur and how this most recent disclosure, as well as any future Snowden disclosures, affects the pace and makeup of U.S. intelligence reforms.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
