The NSA used ‘man in the middle’ hack attacks to impersonate Google and fool web users, leaks have revealed. The technique circumvents encryption by redirecting users to a copycat site which relays all the data entered to NSA data banks.
Brazilian television network Globo News released a report based on classified data divulged by
former CIA worker Edward Snowden on Sunday. The report itself
blew the whistle on US government spying on Brazilian oil giant
Petrobras, but hidden in amongst the data was information the NSA
had impersonated Google to get its hands on user data.
Globo TV showed slides from a 2012 NSA presentation explaining
how the organization intercepts data and re-routes it to NSA
central. One of the convert techniques the NSA uses to do this is
a ‘man in the middle’ (MITM) hack attack.
This particular method of intercepting internet communications is
quite common among expert hackers as it avoids having to break
through encryption. Essentially, NSA operatives log into a router
used by an internet service provider and divert ‘target traffic’
to a copycat MITM site, whereupon all the data entered is relayed
to the NSA. The data released by Edward Snowden and reported on
by Globo News suggests the NSA carried out these attacks
disguised as Google.
When the news broke about the NSA gathering information through
internet browsers, tech giants such as Google and Yahoo denied
complicity, maintaining they only handover data if a formal
request is issued by the government.
"As for recent reports that the US government has found ways
to circumvent our security systems, we have no evidence of any
such thing ever occurring. We provide our user data to
governments only in accordance with the law," said Google
spokesperson Jay Nancarrow to news site Mother Jones.
Google, along with Microsoft, Facebook and Yahoo, has filed a
lawsuit against the Foreign Intelligence Surveillance Court
(FISA) to allow them to make public all the data requests made by
the NSA.
“Given the important public policy issues at stake, we have
also asked the court to hold its hearing in open rather than
behind closed doors. It's time for more transparency,"
Google’s director of law enforcement and information security,
Richard Salgado, and the director of public policy and government
affairs, Pablo Chavez, wrote in a blog post on Monday.
The tech giants implicated in NSA’s global spying program have
denied criticism that they could have done more to resist NSA
spying. Marissa Mayer, CEO of Yahoo, claimed that speaking out
about the NSA’s activities would have amounted to ‘treason’ at a
press conference in San Francisco on Wednesday.
In Yahoo’s defense, she argued that the company had been very
skeptical of the NSA’s requests to disclose user data and had
resisted whenever possible. Mayer concluded that it was more
realistic to work within the system,” rather than fight against
it.