The NSA on Thursday responded to media reports that it has been impersonating Facebook and other sites in order to compromise surveillance targets’ machines, saying that the agency “does not use its technical capabilities to impersonate U.S. company websites.”

It is relatively rare for the NSA to respond directly to reports about its technical capabilities or surveillance methods, even considering the massive volume of reports that have come out in the last nine months about the agency. On Wednesday, The Intercept, citing documents supplied by NSA leaker Edward Snowden, reported that the agency sometimes impersonated Facebook servers as a way to attract targets. The operation was part of a plan to infect millions of machines with the agency’s special brand of malware, according to the report.

It’s well-known that the NSA’s Tailored Access Operations (TAO) unit, which does much of the agency’s offensive work, has a wide range of technical capabilities at its disposal. Typically the unit’s efforts are deployed in small, targeted operations. But the allegation that the agency is now performing large-scale compromises of machines changes that equation.

However, the NSA said in a statement that the allegations are false and that the agency does not perform broad, indiscriminate exploitation operations.

“Recent media reports that allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating U.S. social media or other websites, are inaccurate. NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities. Technical capability must be understood within the legal, policy, and operational context within which the capability must be employed,” the statement from the NSA Public Affairs Office says.

A good portion of the discussion around the NSA revelations of the last few months has involved whether the agency has overstepped its bounds and abandoned its legal mission of conducting foreign intelligence operations. U.S. citizens are supposed to be off-limits for NSA operations, except in specific circumstances. The agency says that reports that its officers don’t target users indiscriminately.

“NSA’s authorities require that its foreign intelligence operations support valid national security requirements, protect the legitimate privacy interests of all persons, and be as tailored as feasible. NSA does not use its technical capabilities to impersonate U.S. company websites. Nor does NSA target any user of global Internet services without appropriate legal authority. Reports of indiscriminate computer exploitation operations are simply false,” the statement says.

 

Categories: Government, Privacy, Web Security

Comments (5)

  1. Moose
    2

    Zuckerberg called Obama to whine, not about our privacy of course because he doesn’t give a rats arse about that, he’s whining that this bad press is hurting his company.

    Lets face it, every U.S. company, and likely all those in the Five Eyes, are being contacted by the NSA and other government agencies to in some fashion, before they make and distribute products, to compromise our sense of privacy and security with them.

    Ford, Google, Apple, Facebook, OnStar, cell phone carriers, router makers, printer makers (see > “Seeing Yellow Dots?”) etc., they are all our enemy.

    Stop giving them money and they will die.

    Buy only dumb devices, they do the job and don’t require a software update that will pawn you or prematurely fail due to software bloat.

    Reply
    • Kamran
      4

      As believable as saying the Americans don’t kill innocent civilians and children in their wars against countries they invade.

      Reply
  2. a
    5

    The reference to US companies or social sites is rather telling. Sites in other countries are certainly not covered.

    Reply

Leave A Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>