NSA Denies Everything About Latest Intercept Leak, Including Denying Something That Was Never Claimed

from the let's-play-word-games-with-the-NSA dept

Fri, Mar 14th 2014 9:34am — Tim Cushing

The recent leaks published at Glenn Greenwald's new home, The Intercept, detailed the NSA's spread of malware around the world, with a stated goal of sabotaging "millions" of computers. As was noted then, the NSA hadn't issued a comment. The GCHQ, named as a co-conspirator, had already commented, delivering the usual spiel about legality, oversight and directives -- a word salad that has pretty much replaced "no comment" in the intelligence world.

The NSA has now issued a formal statement on the leaks, denying everything -- including something that wasn't even alleged. In what has become the new "no comment" on the NSA side, the words "appropriate," "lawful" and "legitimate" are trotted out, along with the now de rigueur accusations that everything printed (including, apparently, its own internal documents) is false.

Recent media reports that allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating U.S. social media or other websites, are inaccurate. NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities. Technical capability must be understood within the legal, policy, and operational context within which the capability must be employed.

NSA's authorities require that its foreign intelligence operations support valid national security requirements, protect the legitimate privacy interests of all persons, and be as tailored as feasible. NSA does not use its technical capabilities to impersonate U.S. company websites. Nor does NSA target any user of global Internet services without appropriate legal authority. Reports of indiscriminate computer exploitation operations are simply false.

First off, for the NSA to claim that loading up "millions" of computers with malware is somehow targeted (and not "indiscriminate") is laughable. As for its "national security directive," it made a mockery of that when it proudly announced in its documents that "we hunt sys admins." Targeting telco and ISP systems administrators goes well outside the bounds of "national security." These people aren't suspected terrorists. They're just people inconveniently placed between the NSA and its goal of "collecting it all."

Last, but not least, the NSA plays semantic games to deny an accusation that was never made, calling to mind Clapper's denial of a conveniently horrendous translation of a French article on its spying efforts there.

NSA does not use its technical capabilities to impersonate U.S. company websites.

This "denial" refers to this portion of The Intercept's article.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive...

In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive.

The NSA's own documents say that QUANTUMHAND "exploits the computer of a target that uses Facebook." The man-on-the-side attack impersonates a server, not the site itself. The NSA denies impersonating sites, but that's not what The Intercept said or what its own documents state. This animated explanation, using the NSA's Powerpoint presentation, shows what the attack does -- it tips the TURBINE servers, which then send the malware payload before the Facebook servers can respond. To the end user, it looks as though Facebook is just running slowly.

When the NSA says it doesn't impersonate sites, it truly doesn't. It injects malware by beating Facebook server response time. It doesn't serve up faux Facebook pages; it simply grabs the files and data from compromised computers. The exploit is almost wholly divorced from Facebook itself. The social media site is an opportunity for malware deployment, and the NSA doesn't need to impersonate a site to achieve its aims. This is the NSA maintaining deniability in the face of damning allegations -- claiming something was said that actually wasn't and resorting to (ultimately futile) attempts to portray journalists as somehow less trustworthy than the agency.

2014 03 14 Press Allegations Response (PDF)2014 03 14 Press Allegations Response (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: denial, injections, malware, man on the side, nsa, surveillance
Companies: facebook

28 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

sorrykb (profile), 14 Mar 2014 @ 9:39am

Denial = Confirmation?
NSA does not use its technical capabilities to impersonate U.S. company websites.

At this point, the mere fact that the NSA denies doing something is almost enough to convince me that they are doing it.

I'm trying not to be paranoid. They just make it so difficult.
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 9:46am

The NSA as twisted and stretched the meaning of words to the point that everything they say is so misleading, that their words no longer carry any weight in credibility.
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 9:48am

Re: Denial = Confirmation?
considering how much access they seemed to have I think it is entirely possible for them to do that. And the criminal energy to do it definitely there as well.

By now you have to assume the worst when it comes to them, and once the truth comes out it tends to paint and even worse picture then what you could imagine.

And there is still the question if facebook and similar sites might be at least funded, if not run by intelligence agencies alltogether. If that is the case that would put this denial in an entirely different light. It would read "We don't impersonate companies. We ARE the companies."...
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 9:49am

My idea was much the same as sorrykb's.

The NSA has already spent its creditability. It wasted it on previous claims of absolutely not doing this or that, followed by days later it being revealed, yeah it did.

I think we've reached the point that we realized that nothing the NSA says will have have the ring of truth about it, even when they are telling the truth.
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 9:57am

I'm not an expert on party word games. But some entrepreneur should make a party word game based on this stuff. If it doesn't exist already.
[ link to this | view in thread ]
Mark Wing, 14 Mar 2014 @ 10:35am

Max level sophistry. I wonder if anyone at the NSA even remembers what the truth is, it's been coated in so many layers of bullshit.
[ link to this | view in thread ]
wto605 (profile), 14 Mar 2014 @ 10:41am

Maybe if we just ask the NSA what they haven't done, they'll "deny" everything they have done.
[ link to this | view in thread ]
FreeCultureForFreePeople, 14 Mar 2014 @ 10:48am

Nor does NSA target any user of global Internet services without appropriate legal authority.

Read:
Nor does NSA target any user of global Internet services without having it rubberstamped by FISA court first.

FTFY.
[ link to this | view in thread ]
Inwoods (profile), 14 Mar 2014 @ 11:05am

It would be truly amusing if the mysterious youtube slowdowns were related to similar tampering. No one seems to know who to blame.
[ link to this | view in thread ]
edpo, 14 Mar 2014 @ 11:10am

NSA Word-Smithing
"When I use a word," Humpty Dumpty said, in a rather scornful tone, "it means just what I choose it to mean - neither more nor less."

"The question is," said Alice, "whether you can make words mean so many different things."

"The question is," said Humpty Dumpty, "which is to be master - that's all."
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 11:17am

We know that the NSA, with the cooperation of the companies involved, has equipment co-located at major backbones and POPs to achieve the goals for QUANTUMHAND, QUANTUMINSERT, and etc.

At what point will we start confronting these companies and pressuring them to discontinue such cooperation? I know it's no easy task, but just as much as the government is reeling from all the public pressure, so too will these companies if we press their hands. Make it affect their bottom line.
[ link to this | view in thread ]
Thefarguy, 14 Mar 2014 @ 11:29am

NSA = Nazi Socialist Asswipes. They are working for the people who will eventually kill them and against the people who will have to fight to free them. What a bunch of fckng idiots.
[ link to this | view in thread ]
art guerrilla (profile), 14 Mar 2014 @ 12:06pm

Re: NSA Word-Smithing
i can not stress this poster's sentiment, as well as voiced in the article itself, of the CHILDISH semantic games the alphabet spooks will play...
they WILL (metaphorically speaking) look you straight in the eye, piss on your leg, and INSIST it is raining; THEN fabricate evidence to 'prove' it was rain...
in my readings about the evil done in our name, with our money, *supposedly* to 'protect and serve' us, by the boys in black, you can NOT UNDERESTIMATE the most simplistic, and -to repeat myself- CHILDISH ways they will LIE AND DISSEMBLE...
they are scum, they are slime, they are NOT the best and the brightest, they are the worst and most immoral...

YOU CAN NOT OVERSTATE THEIR MORAL VACUITY...
we do NOT deserve these pieces of shit...
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 12:44pm

more fun with words...
Full Definition of FOREIGN
1: situated outside a place or country; especially : situated outside one's own country

2: born in, belonging to, or characteristic of some place or country other than the one under consideration

3: of, relating to, or proceeding from some other person or material thing than the one under consideration

4: alien in character : not connected or pertinent

5: related to or dealing with other nations

6a : occurring in an abnormal situation in the living body and often introduced from outside
b : not recognized by the immune system as part of the self

7: not being within the jurisdiction of a political unit (as a state)
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 1:49pm

is techdirt an hack target?
this page of your site tries to run scripts from
google
amazonaws
twitter
facebook
ajax.googleapis
techdirt

and install cookies from
techdirt
imigur

and request resources from
rp-api
vimeo

and install/use tracking beacons from
facebook connect
google +1
gravitar
nativo
quantcast
redit
repost.us
scorecard research beacon
twitter button.

...and who knows what else would run if all that was allowed to proceed. (I'm not going to run them to find out the 2nd level stuff)

for all the great reporting techdirt does on spying/tracking/privacy- you need to get you shit together already with this site; it seams like you're part of the problem. Please explain the technical facts as to why these same types of hacks couldn't be done to your readers through this clusterfuck of off site scripts/beacons/cookies/resources your forcing on people to ignorant to know how to block them.

kudos for keeping the site working without that crap- but ffs, having it on by default makes techdirt seam hypocritical at best.
[ link to this | view in thread ]
Matthew Cline (profile), 14 Mar 2014 @ 1:50pm

As for its "national security directive," it made a mockery of that when it proudly announced in its documents that "we hunt sys admins."

Well, heck, that's easy. Since the computers of the sys admins are just means to an ends, simply define "target" in a way that excludes anyone whose computers are compromised as a means to an end.
[ link to this | view in thread ]
Anonymous mouse, 14 Mar 2014 @ 1:56pm

I seem to remember some articles about why people who don't use Facebook are suspect. To wit,

http://www.forbes.com/sites/kashmirhill/2012/08/06/beware-tech-abandoners-people-without-faceboo k-accounts-are-suspicious/

http://www.dailymail.co.uk/news/article-2184658/Is-joining-Facebook-sign-y oure-psychopath-Some-employers-psychologists-say-suspicious.html

Are these possible signs that the NSA and GHCQ planted those stories?
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 2:09pm

hack target?- amend.
-I posted above on the sites scripts/etc.
perhaps I was a bit harsh/ short sited.

Is there a way you can continue to do your excellent work, and have a reasonably profitable business model, without all those third parties spying on your readers, and the risks your current setup may incur?
[ link to this | view in thread ]
John Fenderson (profile), 14 Mar 2014 @ 3:09pm

Re:
That Daily Mail article is Daily Mail doing it's usual "unintentional parody of the news" schtick, and is by definition bullshit. Also, the only source it cites is the Forbes article you linked to in your comment.

I don' think the DM article was planted, I think it was just the Daily Mail being the Daily Mail.
[ link to this | view in thread ]
John Fenderson (profile), 14 Mar 2014 @ 3:19pm

Re: hack target?- amend.
That whole thing is off topic and unnecessarily verbose. And while you are being hyperbolic, you do have a point.

However, it's also not underhanded -- everyone who doesn't block that stuff plainly sees the ads, social media buttons, and other visible manifestations of the various connections outside the site. It's also the same stuff you see on most major websites these days. Very few people are utterly ignorant about what's going on for very long. These issues are well and widely discussed. Blocking it all is very easy, and people who care pretty quickly learn how to do it.

My own elderly tech-ignorant mother, shortly after she discovered the web when playing with she shiny new computer, called me up to tell me about this awesome thing she found called AdBlock.
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 3:49pm

The fun has yet to really begin
On April 8th, this year, Microsoft will withdraw security patches from Windows XP, leaving computers running it totally vulnerable to such hacks. Anybody want to place bets on the fact that the alphabet soup agencies of our wonderful gummint are going to be first in line to exploit them? Just think what NSA could do with 300,000,000+ computers to play with!
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 4:39pm

rere hack target-amend
Yes your right, it was off topic, and unnecessarily verbose, I apologize; you guys don't deserve that sort of post. I ready several articles before posting that and some emotion had just built up; Things have just been getting to me lately I guess. The idea of those scripts/etc being a targeting/attack vector doesn't feel hyperbolic at all to me, and I wish I knew more/understood it better.
[ link to this | view in thread ]
Anonymous Coward, 14 Mar 2014 @ 9:36pm

NSA does not use its technical capabilities to impersonate U.S. company websites.

I'm willing to bet the NSA doesn't consider Facebook a company. Companies sell products and services. Facebook is just a free website where users can create a profile.
[ link to this | view in thread ]
David Walters, 15 Mar 2014 @ 3:41am

Denials
At this point the American people and the rest of the world would probably believe the NSA was staffed with aliens from Mars if it were published. And, it's not the fault of credulity of the citizens. It's the fault of the NSA's repeated denials being shown to be lies that's at fault.

Truth is a fragile thing.
[ link to this | view in thread ]
Anonymous Coward, 16 Mar 2014 @ 1:15am

Re:
Just because a cost isn't (directly) measured monetarily, does not mean for a second that it's free, or without a price.
[ link to this | view in thread ]
Anonymous Coward, 16 Mar 2014 @ 6:03am

Re:
Like onions

Onions of bullshit
[ link to this | view in thread ]
Anonymous Coward, 16 Mar 2014 @ 6:04am

Re: Re:
layers.........onion LAYERS of bullshit
[ link to this | view in thread ]
John Fenderson (profile), 17 Mar 2014 @ 8:33am

Re: The fun has yet to really begin
"Microsoft will withdraw security patches from Windows XP"

Uhh, no.

Security patches already released are not being "withdrawn". If you've patched your OS, those patches will remain. There just won't be any new patches.
[ link to this | view in thread ]