NSA Denies Everything About Latest Intercept Leak, Including Denying Something That Was Never Claimed

from the let's-play-word-games-with-the-NSA dept

The recent leaks published at Glenn Greenwald’s new home, The Intercept, detailed the NSA’s spread of malware around the world, with a stated goal of sabotaging “millions” of computers. As was noted then, the NSA hadn’t issued a comment. The GCHQ, named as a co-conspirator, had already commented, delivering the usual spiel about legality, oversight and directives — a word salad that has pretty much replaced “no comment” in the intelligence world.

The NSA has now issued a formal statement on the leaks, denying everything — including something that wasn’t even alleged. In what has become the new “no comment” on the NSA side, the words “appropriate,” “lawful” and “legitimate” are trotted out, along with the now de rigueur accusations that everything printed (including, apparently, its own internal documents) is false.

Recent media reports that allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating U.S. social media or other websites, are inaccurate. NSA uses its technical capabilities only to support lawful and appropriate foreign intelligence operations, all of which must be carried out in strict accordance with its authorities. Technical capability must be understood within the legal, policy, and operational context within which the capability must be employed.

NSA’s authorities require that its foreign intelligence operations support valid national security requirements, protect the legitimate privacy interests of all persons, and be as tailored as feasible. NSA does not use its technical capabilities to impersonate U.S. company websites. Nor does NSA target any user of global Internet services without appropriate legal authority. Reports of indiscriminate computer exploitation operations are simply false.

First off, for the NSA to claim that loading up “millions” of computers with malware is somehow targeted (and not “indiscriminate”) is laughable. As for its “national security directive,” it made a mockery of that when it proudly announced in its documents that “we hunt sys admins.” Targeting telco and ISP systems administrators goes well outside the bounds of “national security.” These people aren’t suspected terrorists. They’re just people inconveniently placed between the NSA and its goal of “collecting it all.”

Last, but not least, the NSA plays semantic games to deny an accusation that was never made, calling to mind Clapper’s denial of a conveniently horrendous translation of a French article on its spying efforts there.

NSA does not use its technical capabilities to impersonate U.S. company websites.

This “denial” refers to this portion of The Intercept’s article.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive…

In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive.

The NSA’s own documents say that QUANTUMHAND “exploits the computer of a target that uses Facebook.” The man-on-the-side attack impersonates a server, not the site itself. The NSA denies impersonating sites, but that’s not what The Intercept said or what its own documents state. This animated explanation, using the NSA’s Powerpoint presentation, shows what the attack does — it tips the TURBINE servers, which then send the malware payload before the Facebook servers can respond. To the end user, it looks as though Facebook is just running slowly.

When the NSA says it doesn’t impersonate sites, it truly doesn’t. It injects malware by beating Facebook server response time. It doesn’t serve up faux Facebook pages; it simply grabs the files and data from compromised computers. The exploit is almost wholly divorced from Facebook itself. The social media site is an opportunity for malware deployment, and the NSA doesn’t need to impersonate a site to achieve its aims. This is the NSA maintaining deniability in the face of damning allegations — claiming something was said that actually wasn’t and resorting to (ultimately futile) attempts to portray journalists as somehow less trustworthy than the agency.

Filed Under: , , , , ,
Companies: facebook

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NSA Denies Everything About Latest Intercept Leak, Including Denying Something That Was Never Claimed”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Denial = Confirmation?

considering how much access they seemed to have I think it is entirely possible for them to do that. And the criminal energy to do it definitely there as well.

By now you have to assume the worst when it comes to them, and once the truth comes out it tends to paint and even worse picture then what you could imagine.

And there is still the question if facebook and similar sites might be at least funded, if not run by intelligence agencies alltogether. If that is the case that would put this denial in an entirely different light. It would read “We don’t impersonate companies. We ARE the companies.”…

Anonymous Coward says:

My idea was much the same as sorrykb’s.

The NSA has already spent its creditability. It wasted it on previous claims of absolutely not doing this or that, followed by days later it being revealed, yeah it did.

I think we’ve reached the point that we realized that nothing the NSA says will have have the ring of truth about it, even when they are telling the truth.

edpo says:

NSA Word-Smithing

“When I use a word,” Humpty Dumpty said, in a rather scornful tone, “it means just what I choose it to mean – neither more nor less.”

“The question is,” said Alice, “whether you can make words mean so many different things.”

“The question is,” said Humpty Dumpty, “which is to be master – that’s all.”

art guerrilla (profile) says:

Re: NSA Word-Smithing

i can not stress this poster’s sentiment, as well as voiced in the article itself, of the CHILDISH semantic games the alphabet spooks will play…
they WILL (metaphorically speaking) look you straight in the eye, piss on your leg, and INSIST it is raining; THEN fabricate evidence to ‘prove’ it was rain…
in my readings about the evil done in our name, with our money, supposedly to ‘protect and serve’ us, by the boys in black, you can NOT UNDERESTIMATE the most simplistic, and -to repeat myself- CHILDISH ways they will LIE AND DISSEMBLE…
they are scum, they are slime, they are NOT the best and the brightest, they are the worst and most immoral…

we do NOT deserve these pieces of shit…

Anonymous Coward says:

We know that the NSA, with the cooperation of the companies involved, has equipment co-located at major backbones and POPs to achieve the goals for QUANTUMHAND, QUANTUMINSERT, and etc.

At what point will we start confronting these companies and pressuring them to discontinue such cooperation? I know it’s no easy task, but just as much as the government is reeling from all the public pressure, so too will these companies if we press their hands. Make it affect their bottom line.

Anonymous Coward says:

more fun with words...

Full Definition of FOREIGN
1: situated outside a place or country; especially : situated outside one’s own country

2: born in, belonging to, or characteristic of some place or country other than the one under consideration

3: of, relating to, or proceeding from some other person or material thing than the one under consideration

4: alien in character : not connected or pertinent

5: related to or dealing with other nations

6a : occurring in an abnormal situation in the living body and often introduced from outside
b : not recognized by the immune system as part of the self

7: not being within the jurisdiction of a political unit (as a state)

Anonymous Coward says:

is techdirt an hack target?

this page of your site tries to run scripts from

and install cookies from

and request resources from

and install/use tracking beacons from
facebook connect
google +1
scorecard research beacon
twitter button.

…and who knows what else would run if all that was allowed to proceed. (I’m not going to run them to find out the 2nd level stuff)

for all the great reporting techdirt does on spying/tracking/privacy- you need to get you shit together already with this site; it seams like you’re part of the problem. Please explain the technical facts as to why these same types of hacks couldn’t be done to your readers through this clusterfuck of off site scripts/beacons/cookies/resources your forcing on people to ignorant to know how to block them.

kudos for keeping the site working without that crap- but ffs, having it on by default makes techdirt seam hypocritical at best.

Anonymous mouse says:

I seem to remember some articles about why people who don’t use Facebook are suspect. To wit,



Are these possible signs that the NSA and GHCQ planted those stories?

Anonymous Coward says:

hack target?- amend.

-I posted above on the sites scripts/etc.
perhaps I was a bit harsh/ short sited.

Is there a way you can continue to do your excellent work, and have a reasonably profitable business model, without all those third parties spying on your readers, and the risks your current setup may incur?

John Fenderson (profile) says:

Re: hack target?- amend.

That whole thing is off topic and unnecessarily verbose. And while you are being hyperbolic, you do have a point.

However, it’s also not underhanded — everyone who doesn’t block that stuff plainly sees the ads, social media buttons, and other visible manifestations of the various connections outside the site. It’s also the same stuff you see on most major websites these days. Very few people are utterly ignorant about what’s going on for very long. These issues are well and widely discussed. Blocking it all is very easy, and people who care pretty quickly learn how to do it.

My own elderly tech-ignorant mother, shortly after she discovered the web when playing with she shiny new computer, called me up to tell me about this awesome thing she found called AdBlock.

Anonymous Coward says:

The fun has yet to really begin

On April 8th, this year, Microsoft will withdraw security patches from Windows XP, leaving computers running it totally vulnerable to such hacks. Anybody want to place bets on the fact that the alphabet soup agencies of our wonderful gummint are going to be first in line to exploit them? Just think what NSA could do with 300,000,000+ computers to play with!

Anonymous Coward says:

rere hack target-amend

Yes your right, it was off topic, and unnecessarily verbose, I apologize; you guys don’t deserve that sort of post. I ready several articles before posting that and some emotion had just built up; Things have just been getting to me lately I guess. The idea of those scripts/etc being a targeting/attack vector doesn’t feel hyperbolic at all to me, and I wish I knew more/understood it better.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...