The Future Is Here
We may earn a commission from links on this page

The NSA Has Impersonated Facebook To Spread Malware

We may earn a commission from links on this page.

So the NSA is spying on you. You've known that for quite some time now. What you might not know much about is exactly how they're doing, and a new report from Ryan Gallagher and Glenn Greenwald offers up some pretty grizzly details about the agency's worldwide, automated malware network.


Did you know, for instance, that the NSA pretends to be Facebook sometimes? As Gallagher and Greenwald report, "In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target's computer and exfiltrate files from a hard drive." That's a little extra worrisome when you consider the fact that Facebook has Like buttons spread across the entire internet, giving the NSA that many more chances for its malware to burrow into your hard drive.

This effort and the others described in the report are lead by the NSA's elite Tailored Access Operations (TAO) unit. We've heard about this unit before. Last year, Der Spiegel published an exposée on TAO, which one Gizmodo writer described as a "premier ninja hacking squad." The new report has some new details, including some on the specific tools the NSA uses to spy on you and your friends… and potential terrorists, too:

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer's microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer's webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.


So again, we knew that the NSA could tap into your computer's microphone. We also knew that the agency could access your camera and your log in details. The keystroke-logging thing actually sounds new, but nothing is surprising any more. The really alarming thing is just how detailed and well thought out this whole malware infection project has been. Didn't it cross anyones mind that masquerading as a Facebook server might be a bad idea?

There are no bad ideas at the NSA. Or so it seems. [The Intercept]

Update: It looks like Mark Zuckerberg noticed the news about the NSA pretending to be Facebook servers because hejust posted a rare note on his profile. The Facebook founder more or less scolds the government for screwing up the internet and humblebrags a little bit:

I've called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform.