New documents have surfaced that demonstrate the National Security Agency tricked computer users into believing they were Facebook in order to install malicious code on the computer. The attacks gave access to the microphone and camera on the infected computers. The documents show that such a technique was used on millions of computers around the world.
As part of its efforts to install malware on “millions” of computers worldwide, the National Security Agency impersonated Facebook to trick targets into downloading malicious code.
“In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive,” reports The Intercept in its latest expose based on top-secret documents obtained by Edward Snowden.
“[The NSA] has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.”
The Facebook trick was called QUANTUMHAND by the NSA, and was initially tested on “about a dozen targets” before being launched on a larger scale in 2010, the documents show.
What began as a way to hit “hart-to-reach” targets – around 100 to 150 of them, as of 2004 – the NSA’s malware-spreading efforts have since proliferated to potentially millions of computers around the globe using an automated system known internally as TURBINE. Using TURBINE, documents reveal, gave members of the NSA’s Tailored Access Operations (TAO) unit the ability to tap into, or destroy, computers on a massive scale.