As news has spread of the possibility that the US National Security Agency (NSA) was using wide-scale malware
in its intelligence-gathering efforts, so have the responses. Over the last two days, Facebook founder Mark Zuckerberg has penned a harshly-worded response, including making a call to President Barack Obama. Additionally, the NSA has refuted the claim, saying that all it is doing is supporting "lawful and appropriate foreign intelligence operations" in accordance with US law.
Zuckerberg's post comes days after alleged NSA documents were published
saying that the NSA was capable of installing malware on a large scale, using automated systems and falsified websites. The documents detailed efforts to fake a Facebook server, with the targeted population infected upon visitation of the spoof site. The delivered payload on a smaller scale was used to record video and audio from an infected computer, and covertly deliver it to NSA servers.
A Facebook post
by Zuckerberg lamented the state of US-sponsored surveillance, saying that "when our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government." Addressing his discontent, he said that the US government "should be the champion for the Internet, not a threat. They need to be much more transparent about what they're doing, or otherwise people will believe the worst."
The executive noted that he had called the President to address the situation, but doesn't seem to have been greeted with an enthusiastic response by the administration. Of the call, Zuckerberg states that "unfortunately, it seems like it will take a very long time for true, full reform."
Shortly after Electronista
published the report about international intelligence gathering agencies using "industrial scale" efforts for mass malware installations worldwide, the NSA responded to the claims. In an emailed statement, the NSA public affairs office said that reports that "allege NSA has infected millions of computers around the world with malware, and that NSA is impersonating US social media or other websites, are inaccurate," though the charges come directly from alleged NSA memos.
Clarifying its refutal of the report, the statement claims that all intelligence efforts carried out by the NSA "support valid national security requirements, protect the legitimate privacy interests of all persons, and be as tailored as feasible" and directly denies claims that the NSA "does not use its technical capabilities to impersonate US company websites."