Facebook - The Perfect Mass Surveillance Tool
How the NSA & FBI Made Facebook The Perfect Mass Surveillance Tool
The National Security Agency and the FBI teamed up in October 2010 to develop techniques for turning Facebook into a surveillance tool.
Documents released alongside security journalist Glenn Greenwald’s new book, “No Place To Hide,” reveal the NSA and FBI partnership, in which the two agencies developed techniques for exploiting Facebook chats, capturing private photos, collecting IP addresses, and gathering private profile data.
According to the slides below, the agencies’ goal for such collection was to capture “a very rich source of information on targets,” including “personal details, ‘pattern of life,’ connections to associates, [and] media.”
NSA documents make painfully clear how the agencies collected information “by exploiting inherent weaknesses in Facebook’s security model” through its use of the popular Akamai content delivery network. The NSA describes its methods as “assumed authentication,” and “security through obscurity.”
The slide below shows how the NSA and U.K. spy agency GCHQ also worked together to “obtain profile and album images.”
Two months ago, following a series of Facebook-related NSA spying leaks, Facebook chief Mark Zuckerberg stated in a blog post that he’s “confused and frustrated by the repeated reports of the behavior of the U.S. government.”
According to a report by The Intercept, the above slides do not reveal the NSA’s Facebook surveillance program in full. The report states that the NSA also “disguises itself as a fake Facebook server” to perform “man-in-the-middle” and “man-on-the-side” attacks and spread malware [below].
How the NSA Secretly Masqueraded as Facebook to Hack Computers for Surveillance from First Look Media on Vimeo.
As we wrote at the time, the “NSA’s Facebook targeting is reportedly a response to the declining success of other malware injection techniques. Previous techniques included the use of ‘spam emails that trick targets into clicking a malicious link.’”
Following the report, released in March, Zuckerberg said, “When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.”
Zuckerberg claimed he disapproved of the NSA’s actions and said that he’s spoken to President Barack Obama by phone to “express [his] frustration over the damage the government is creating for all of our future.”
VentureBeat has reached out to both Akamai and Facebook for comment on the matter.
Update - Facebook and Akamai responded to VentureBeat’s report:
Four years ago the NSA and FBI turned Facebook into a vehicle for mass surveillance.
In order to gain access to the private Facebook photos of targets, NSA slides allege that the two government agencies went after Facebook’s content delivery network (CDN), Akamai.
Documents released by security journalist Glenn Greenwald make clear how the agencies collected information “by exploiting inherent weaknesses in Facebook’s security model,” through a collaboration which began in October 2010, and was declared successful by the two agencies six months later.
In response to VentureBeat’s report on the matter, a Facebook spokesperson claimed that the company doesn’t “have any evidence of these allegations.” Yet, in an email the company went on to emphasize that the slides are not new, and that in recent years Facebook’s “security technology improved in many important ways.”
A photo composition of National Security Agency headquarters in Maryland, U.S.
Image Credit: Wikipedia & Harrison Weber / VentureBeat
While sharing various security improvements, the Facebook spokesperson highlighted Facebook’s revised image upload URL structure — a change which sits at the heart of the controversy.
Akamai, tight-lipped, told VentureBeat the following: “while we can’t comment on specific customer configurations, to our knowledge there was no vulnerability on the Akamai CDN.” The firm’s denial went much further than this, however. In our discussions with Akamai, all vulnerabilities appeared to point towards Facebook’s image upload URL structure — not Akamai’s CDN.
The firm acknowledged that the photos, according to the leaked slides, were retrieved from Akamai’s CDN, yet insisted that such a circumstance could have occurred regardless of which CDN or caching capabilities were utilized by Facebook.
Further complicating the issue, however, is the lack of details in the NSA’s slides, one of which [above] appears to implicate Akamai as a direct target of NSA mass surveillance.