The NSA on Thursday responded to media reports that it has been impersonating Facebook and other sites in order to compromise surveillance targets’ machines, saying that the agency “does not use its technical capabilities to impersonate U.S. company websites.”
It is relatively rare for the NSA to respond directly to reports about its technical capabilities or surveillance methods, even considering the massive volume of reports that have come out in the last nine months about the agency. On Wednesday, The Intercept, citing documents supplied by NSA leaker Edward Snowden, reported that the agency sometimes impersonated Facebook servers as a way to attract targets. The operation was part of a plan to infect millions of machines with the agency’s special brand of malware, according to the report.
It’s well-known that the NSA’s Tailored Access Operations (TAO) unit, which does much of the agency’s offensive work, has a wide range of technical capabilities at its disposal. Typically the unit’s efforts are deployed in small, targeted operations. But the allegation that the agency is now performing large-scale compromises of machines changes that equation.
However, the NSA said in a statement that the allegations are false and that the agency does not perform broad, indiscriminate exploitation operations.
“Recent media reports that allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating U.S. social media or other websites, are inaccurate. NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities. Technical capability must be understood within the legal, policy, and operational context within which the capability must be employed,” the statement from the NSA Public Affairs Office says.
A good portion of the discussion around the NSA revelations of the last few months has involved whether the agency has overstepped its bounds and abandoned its legal mission of conducting foreign intelligence operations. U.S. citizens are supposed to be off-limits for NSA operations, except in specific circumstances. The agency says that reports that its officers don’t target users indiscriminately.
“NSA’s authorities require that its foreign intelligence operations support valid national security requirements, protect the legitimate privacy interests of all persons, and be as tailored as feasible. NSA does not use its technical capabilities to impersonate U.S. company websites. Nor does NSA target any user of global Internet services without appropriate legal authority. Reports of indiscriminate computer exploitation operations are simply false,” the statement says.