An article that accused the National Security Agency of impersonating Facebook to spy on U.S. citizens has triggered a denial from the NSA and a reprimand for the U.S. president from CEO Mark Zuckerberg.
The article, which also said the NSA plans to infect millions of PCs with malware, appeared on the website First Look and was co-written by Glenn Greenwald, who shot to prominence last year for a series of articles in the Guardian about classified NSA documents leaked by Edward Snowden.
“In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive,” the article states, citing leaked documents.
“In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam.”
On Thursday, the NSA issued a sharp rebuke.
“Recent media reports that allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating U.S. social media or other websites, are inaccurate,” it said in a statement.
“NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities,” the NSA said.
Greenwald’s article attracted wide attention and apparently caught the eye of Zuckerberg, who took to his Facebook page Thursday to complain he has been “confused and frustrated” by the “repeated reports of the behavior of the US government.”
“The US government should be the champion for the internet, not a threat,” he wrote. “They need to be much more transparent about what they’re doing, or otherwise people will believe the worst.
“I’ve called President Obama to express my frustration over the damage the government is creating for all of our future,” Zuckerberg continued. “Unfortunately, it seems like it will take a very long time for true, full reform.”
In its statement, the NSA denied impersonating “U.S. company websites” but did not extend that denial to foreign company websites.
The agency said it doesn’t target global Internet services “without appropriate legal authority. Reports of indiscriminate computer exploitation operations are simply false,” it said.