The latest report from Glenn Greenwald, the journalist who first interviewed Edward Snowden, and his colleague Ryan Gallagher, shows that the NSA has masqueraded as Facebook, using a fake server to infect users’ computers with malware and to extract files from their hard drives.
Using a technique codenamed QUANTUMHAND, the agency races Facebook’s real server: its forged packets reach the target’s browser before the genuine response does, so the session is diverted to a fake Facebook.com server before the real site’s data packets can be exchanged. What is most frightening is that, according to the report, contemporary anti-virus products do not detect QUANTUMHAND, which leaves the agency free to phish for information at leisure before transmitting the malicious packets that give it control of the user’s computer. A video accompanying the original story illustrates the technique in effect.
QUANTUMHAND belongs to the family of attacks the cyber-security world calls “man-in-the-middle attacks,” although the injection step itself is more precisely a man-on-the-side attack: the agency’s equipment watches the target’s traffic from the backbone and races a forged reply to the target, rather than sitting inline and blocking the genuine one. That is why the technique depends on beating Facebook’s server to the browser instead of on breaking into Facebook. Compared with the usual criminal version, the NSA’s approach is considerably more sophisticated and aggressive. Once it has inserted itself into a session, the agency can not only observe and redirect browsing but, the documents say, tamper with packets in transit to change the contents of messages sent across Facebook and other forms of communication. The myriad Facebook “like” buttons spread across the internet multiply the NSA’s chances of reaching an intended target: each button makes the visitor’s browser contact Facebook, and every such request is another opportunity to inject.
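The race described above, and the check it invites, as an added example that is not part of the original story or of any NSA or Intercept material: a small Python model of man-on-the-side injection, in which two answers to one request carry the same TCP sequence number and the receiver keeps whichever arrives first, together with the passive detection rule a network monitor can apply (two segments on one flow with the same sequence number but different bytes, something a genuine retransmission never produces). The addresses, sequence numbers, TTLs and HTTP payloads are all constructed for the illustration and the decoy host name is made up.

```python
"""Added example, not from the article or The Intercept: a small model of a
man-on-the-side packet-injection race and the duplicate-response check a
passive network monitor can run. Every packet here is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    flow: tuple        # (client_ip, client_port, server_ip, server_port)
    seq: int           # TCP sequence number of the first payload byte
    ttl: int           # IP TTL observed at the monitoring point
    payload: bytes
    arrival_ms: float  # when the monitor (and the client) saw the segment


# Constructed flow: a client fetching a page from a web server (addresses made up).
FLOW = ("10.0.0.5", 51234, "203.0.113.10", 80)
SEQ = 1_000_001

# Legitimate answer from the real server, 40 ms away, arriving with TTL 48.
REAL = Segment(FLOW, SEQ, 48,
               b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>real</html>",
               arrival_ms=40.0)

# Forged answer from an injector closer to the client: same flow, same seq,
# different bytes, different TTL, and it arrives first (the race is won).
INJECTED = Segment(FLOW, SEQ, 57,
                   b"HTTP/1.1 302 Found\r\nLocation: http://decoy.example/\r\n\r\n",
                   arrival_ms=12.0)


def client_accepts(segments):
    """Model of the receiver: TCP delivers the first segment that fills a
    sequence range and discards any later segment for the same range as a
    retransmission. The injector only has to win the race; it never has to
    block the real server's reply."""
    accepted = {}
    for s in sorted(segments, key=lambda s: s.arrival_ms):
        accepted.setdefault((s.flow, s.seq), s)
    return list(accepted.values())


def find_injection_candidates(segments):
    """Passive check: two segments on one flow with the same seq but different
    payload bytes cannot both be honest, because a real retransmission repeats
    the bytes. The TTL difference is reported as corroboration, since an
    injector sits a different number of hops away than the real server.
    The monitor cannot tell which copy is genuine from this alone; it only
    knows that two different answers were given."""
    first_seen = {}
    alerts = []
    for s in sorted(segments, key=lambda s: s.arrival_ms):
        key = (s.flow, s.seq)
        if key in first_seen:
            earlier = first_seen[key]
            if earlier.payload != s.payload:
                alerts.append({
                    "flow": s.flow,
                    "seq": s.seq,
                    "first_ttl": earlier.ttl,
                    "later_ttl": s.ttl,
                    "ttl_changed": earlier.ttl != s.ttl,
                    "first_payload": earlier.payload[:20],
                    "later_payload": s.payload[:20],
                })
        else:
            first_seen[key] = s
    return alerts


def run_demo():
    """Return what the victim's TCP stack delivered and what the monitor flagged."""
    delivered = client_accepts([REAL, INJECTED])
    alerts = find_injection_candidates([REAL, INJECTED])
    return delivered, alerts


if __name__ == "__main__":
    delivered, alerts = run_demo()
    print("client delivered:", delivered[0].payload.split(b"\r\n")[0])
    for a in alerts:
        print("alert:", a)
```

Run as written, the client delivers the injected 302 redirect while the monitor raises a single alert for the flow. The alert does not say which copy was genuine, only that the same sequence range was answered twice with different bytes; the TTL mismatch is the usual supporting signal. The same forged bytes pushed into an HTTPS session would fail the browser’s TLS record checks before any page logic saw them, which is why a site’s move to HTTPS matters for this particular attack.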
By contrast, an ordinary phishing attack on a social media site is usually spotted by the illegitimate URL the browser is redirected to; examples include sFacebook.com, Faceboook.com, facebook.org, or anything of that nature. Once an account is compromised, it is often used to send hyperlinks carrying malware to the contacts on the account’s friend list.
In a discussion with The Intercept, Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, said he believes QUANTUMHAND is probably aimed at specific targets, but he is nevertheless concerned that the technique may already be embedded in the wider Internet as a whole, on account of the NSA’s automated TURBINE system. According to other documents leaked by Edward Snowden, TURBINE allegedly infected millions of computers with malware.
“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying,” states Blaze. “Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?” The question to ponder is: what do these gigantic information-gathering measures signify?
When The Intercept contacted Facebook for a statement on the matter, spokesman Jay Nancarrow indicated that the company has no evidence of any URL hijacking attempts, stating that Facebook implemented HTTPS encryption last year, protecting users against malware attacks. That protection holds only for requests that actually travel over HTTPS with a certificate the browser verifies; any request a page still sends over plain HTTP remains open to the kind of injection described above.
Story via The Intercept