The revelation, built of course on top of documents leaked by Edward Snowden, were another stunning indication of potential overreach by the NSA, an agency that has been hobbled in the past year by a constant drip of information regarding its practices and techniques.
The NSA’s terse response called the report “inaccurate,” denying that it uses its tools to “impersonate U.S. company websites.” Here’s the full statement:
Recent media reports that allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating U.S. social media or other websites, are inaccurate. NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities. Technical capability must be understood within the legal, policy, and operational context within which the capability must be employed.
NSA’s authorities require that its foreign intelligence operations support valid national security requirements, protect the legitimate privacy interests of all persons, and be as tailored as feasible. NSA does not use its technical capabilities to impersonate U.S. company websites. Nor does NSA target any user of global Internet services without appropriate legal authority. Reports of indiscriminate computer exploitation operations are simply false.
The NSA’s refutation of the story comes after Mark Zuckerberg publicly zinged the agency, called for reform and a better Internet, and said that he had called the president over the matter. That it was his company that the documents cited as the impersonated party, of course, must have been tough to swallow.
Regarding the claim that the NSA doesn’t impersonate “websites,” it’s worth pointing out The Intercept’s original wording regarding the alleged activities: “In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive.” I’ll leave it to you to decide if that is a distinction with, or without a difference.
The NSA’s spate of bad publicity doesn’t appear to be abetting, nor is there an end in sight. Snowden himself appeared at SXSW to answer questions, and declare that the NSA is “setting fire to the future of the Internet.”
So, what’s next?