How the NSA & FBI made Facebook the perfect mass surveillance tool

Facebook
Image Credit: ansik

Update May 15 at 3:11 PM ET: Facebook and Akamai responded to VentureBeat’s report. Read their responses here.

The National Security Agency and the FBI teamed up in October 2010 to develop techniques for turning Facebook into a surveillance tool.

Documents released alongside security journalist Glenn Greenwald’s new book, “No Place To Hide,” reveal the NSA and FBI partnership, in which the two agencies developed techniques for exploiting Facebook chats, capturing private photos, collecting IP addresses, and gathering private profile data.

According to the slides below, the agencies’ goal for such collection was to capture “a very rich source of information on targets,” including “personal details, ‘pattern of life,’ connections to associates, [and] media.”

Screen Shot 2014-05-15 at 8.56.48 AM

NSA documents make painfully clear how the agencies collected information “by exploiting inherent weaknesses in Facebook’s security model” through its use of the popular Akamai content delivery network. The NSA describes its methods as “assumed authentication,” and “security through obscurity.”

Screen Shot 2014-05-15 at 8.57.21 AM

The slide below shows how the NSA and U.K. spy agency GCHQ also worked together to “obtain profile and album images.”

Screen Shot 2014-05-15 at 8.58.03 AM

Two months ago, following a series of Facebook-related NSA spying leaks, Facebook chief Mark Zuckerberg stated in a blog post that he’s “confused and frustrated by the repeated reports of the behavior of the U.S. government.”

According to a report by The Intercept, the above slides do not reveal the NSA’s Facebook surveillance program in full. The report states that the NSA also “disguises itself as a fake Facebook server” to perform “man-in-the-middle” and “man-on-the-side” attacks and spread malware [below].

As we wrote at the time, the “NSA’s Facebook targeting is reportedly a response to the declining success of other malware injection techniques. Previous techniques included the use of “spam emails that trick targets into clicking a malicious link.”

Following the report, released in March, Zuckerberg said, “When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.”

Zuckerberg claimed he disapproved of the NSA’s actions and said that he’s spoken to president Barack Obama by phone to “express [his] frustration over the damage the government is creating for all of our future.”

Facebook and Akamai responded to VentureBeat’s report. Read our follow-up here.


VentureBeat is studying mobile marketing automation. Chime in, and we’ll share the data.