Four years ago the NSA and FBI turned Facebook into a vehicle for mass surveillance.
In order to gain access to the private Facebook photos of targets, NSA slides allege that the two government agencies went after Facebook’s content delivery network (CDN), Akamai.
Documents released by security journalist Glenn Greenwald make clear how the agencies collected information “by exploiting inherent weaknesses in Facebook’s security model,” through a collaboration which began in October 2010, and was declared successful by the two agencies six months later.
In response to VentureBeat’s report on the matter, a Facebook spokesperson claimed that the company doesn’t “have any evidence of these allegations.” Yet, in an email the company went on to emphasize that the slides are not new, and that in recent years Facebook’s “security technology improved in many important ways.”
While sharing various security improvements, the Facebook spokesperson highlighted Facebook’s revised image upload URL structure — a change which sits at the heart of the controversy.
Akamai, tight-lipped, told VentureBeat the following: “while we can’t comment on specific customer configurations, to our knowledge there was no vulnerability on the Akamai CDN.” The firm’s denial went much further than this, however. In our discussions with Akamai, all vulnerabilities appeared to point towards Facebook’s image upload URL structure — not Akamai’s CDN.
The firm acknowledged that the photos, according to the leaked slides, were retrieved from Akamai’s CDN, yet insisted that such a circumstance could have occurred regardless of which CDN or caching capabilities were utilized by Facebook.
Further complicating the issue, however, is the lack of details in the NSA’s slides, one of which [above] appears to implicate Akamai as a direct target of NSA mass surveillance.
More on the matter: How the NSA & FBI made Facebook the perfect mass surveillance tool.