NSA Hits Out At ‘False’ Mass Hacking Allegations

The National Security Agency (NSA) has denied new media reports that it is overstepping its authority and is using its technology to get data from Internet users around the world.

The allegations about the NSA’s activities have once again been derived from data obtained from NSA whistleblower Edward Snowden.

Zuckerberg Frustration

The most recent disclosure appeared in The Intercept, a new publication started up by Glen Greenwald, who was the journalist that Snowden first met with to reveal NSA activities while Greenwald was working for the Guardian.

According to the report, the NSA has an effort code-named “Turbine” that seeks to infect users worldwide with malware in a bid to create a botnet that the NSA controls to exfiltrate information.

Going a step further, The Intercept report alleges that the NSA “masqueraded as a fake Facebook server” as a way to get access to targets and infect them.

It’s an allegation that Facebook founder Mark Zuckerberg takes very seriously. In a post on Facebook, Zuckerberg expressed his frustration with the US government over its surveillance activities. He noted that he also directly called President Obama to share his views.

“The US government should be the champion for the Internet, not a threat,” Zuckerberg wrote. “They need to be much more transparent about what they’re doing, or otherwise people will believe the worst.”

False Allegations

In a public statement issued by the NSA, the intelligence agency denied the allegations about widespread malware infection activities and defended its actions.

“NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities,” the NSA stated. “NSA does not use its technical capabilities to impersonate US company websites. Nor does NSA target any user of global Internet services without appropriate legal authority.

“Reports of indiscriminate computer exploitation operations are simply false,” the NSA statement added.

What’s important to note about the NSA statement is that the agency does not deny its technical capabilities; rather, it denies that it is using its capabilities in any indiscriminate and unlawful manner. The NSA currently considers its bulk metadata collection efforts, known as PRISM, to be lawful as well.

The size of the Turbine botnet is non-trivial. Lucas Zaichkowsky, enterprise defence architect at AccessData, told eWEEK that previous leaked information from Snowden shows that an estimated 85,000 to 100,000 systems are compromised as a part of Turbine.

“That’s an extremely large botnet, so it surprises me that it hasn’t been discovered,” Zaichkowsky said. “It’s possible that an already known botnet is actually Turbine.”

What do you know about Internet security? Find out with our quiz!

Originally published on eWeek.