Simply logging into Facebook, or what you thought was Facebook, could have been enough to open your computer up to the National Security Agency’s eavesdropping schemes.
The US intelligence organization reportedly masqueraded as a fake Facebook server to infect computers and extract files from a target’s hard drive.
The NSA sent malicious data packets to these targets to trick their computers into thinking it was the real Facebook, according to The Intercept citing top secret government documents.
These malware "implants" are said to have been deployed on anywhere between 85,000 and 100,000 computers and networks, with the intention of infecting millions around the world.
While the NSA spearheaded the operating, British counterpart GCHQ reportedly played an integral role in developing these tactics and the idea had been shared with the UK, Canada, New Zealand and Australia.
Facebook’s HTTPS response
Facebook denied knowledge of this NSA "man in the middle" spy program and told The Intercept that this sort of malware attack method is no longer viable.
That’s because the social network implemented HTTPS encryption for all users last year after first making it available in 2011.
But when one back door closes, the government looks for another opening. Before Facebook, the same NSA documents reveal that the agency used spam emails that tricked targets with similar results.
Clicking on malicious links infected their computers within eight seconds. The only problem was that these unsolicited email methods became less successful. Hence the move to Facebook.
It’s clear that the NSA sees these programs as invaluable tools that can siphon hard drive data and, in some cases, even record audio from a computer’s microphone or take photos via a webcam.
The agency is likely to continue to hack computers and corrupt targeted computers through the next vulnerability it finds.
- Read: What’s next to infect? Google Glass?