Facebook & Akamai respond to NSA slides alleging massive CDN vulnerability

Above: A photo composition of National Security Agency headquarters in Maryland, U.S.

Image Credit: Wikipedia & Harrison Weber / VentureBeat

Four years ago the NSA and FBI turned Facebook into a vehicle for mass surveillance.

In order to gain access to the private Facebook photos of targets, NSA slides allege that the two government agencies went after Facebook’s content delivery network (CDN), Akamai.

Documents released by security journalist Glenn Greenwald make clear how the agencies collected information “by exploiting inherent weaknesses in Facebook’s security model,” through a collaboration which began in October 2010, and was declared successful by the two agencies six months later.

In response to VentureBeat’s report on the matter, a Facebook spokesperson claimed that the company doesn’t “have any evidence of these allegations.” Yet, in an email the company went on to emphasize that the slides are not new, and that in recent years Facebook’s “security technology improved in many important ways.”

While sharing various security improvements, the Facebook spokesperson highlighted Facebook’s revised image upload URL structure — a change which sits at the heart of the controversy.

Akamai, tight-lipped, told VentureBeat the following: “while we can’t comment on specific customer configurations, to our knowledge there was no vulnerability on the Akamai CDN.” The firm’s denial went much further than this, however. In our discussions with Akamai, all vulnerabilities appeared to point towards Facebook’s image upload URL structure — not Akamai’s CDN.

The firm acknowledged that the photos, according to the leaked slides, were retrieved from Akamai’s CDN, yet insisted that such a circumstance could have occurred regardless of which CDN or caching capabilities were utilized by Facebook.


Further complicating the issue, however, is the lack of details in the NSA’s slides, one of which [above] appears to implicate Akamai as a direct target of NSA mass surveillance.

More on the matter: How the NSA & FBI made Facebook the perfect mass surveillance tool.

More information:

Akamai® is the leading cloud platform for helping enterprises provide secure, high-performing user experiences on any device, anywhere. At the core of the Company's solutions is the Akamai Intelligent Platform™ providing extensive ... read more »

Facebook is the world’s largest social network, with over 1.15 billion monthly active users. Facebook was founded by Mark Zuckerberg in February 2004, initially as an exclusive network for Harvard students. It was a huge hit: in 2 w... read more »

Powered by VBProfiles

VentureBeat is studying mobile marketing automation. Chime in, and we’ll share the data.
Michael Bailey
Michael Bailey

This is kind of dumb, because even today on Facebook if you get the image URL even to a Private Photo you can view that image on the internet..   We think oh just because something sits behind a password it can't been intercepted, however it can rather easily be done (NSA not required)  just through normal HTTP protocols.   If it's on the internet someone can see it period, I'm not sure what has changed that everyone is all up in open arms because it's ALWAYS been this way.  

Case and point, this is a private photo post I just made on facebook and here is the image anyone can see even though I told facebook for it to be private.

Dave Mariner
Dave Mariner

Isn't the slide referring purely to GCHQ - a British governmental organization? JTRIG is also part of GCHQ. Apart from that they're in bed with each other where's the NSA/FBI connection? 


Add to that as well....Akamai and Ancestry

Jorge Guimaraes
Jorge Guimaraes

".... Four years ago the NSA and FBI turned Facebook into a vehicle for mass surveillance. In order to gain access to the private Facebook photos of targets, NSA slides allege that the two government agencies went after Facebook’s content delivery network ..."

Jorge Guimaraes
Jorge Guimaraes

Ahhhhhhh ! agora entendi porque tenho porque eu so tenho 05 amigos em minha lista e esta aparecendo que tenho 07 amigos !!!! lol !!! → Now I understand why because I only have 05 friends on my list and is showing that I have 07 friends