Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. [...]
NSA masqueraded as Google to spy on web users - report***
The NSA used ‘man in the middle’ hack attacks to impersonate Google and fool web users, leaks have revealed. The technique circumvents encryption by redirecting users to a copycat site which relays all the data entered to NSA data banks.
Brazilian television network Globo News released a report based on classified data divulged by former CIA worker Edward Snowden on Sunday. The report itself blew the whistle on US government spying on Brazilian oil giant Petrobras, but hidden in amongst the data was information the NSA had impersonated Google to get its hands on user data.
Globo TV showed slides from a 2012 NSA presentation explaining how the organization intercepts data and re-routes it to NSA central. One of the convert techniques the NSA uses to do this is a ‘man in the middle’ (MITM) hack attack.
This particular method of intercepting internet communications is quite common among expert hackers as it avoids having to break through encryption.
- Essentially, NSA operatives log into a router used by an internet service provider and divert ‘target traffic’ to a copycat MITM site, whereupon all the data entered is relayed to the NSA.
- The data released by Edward Snowden and reported on by Globo News suggests the NSA carried out these attacks disguised as Google.
When the news broke about the NSA gathering information through internet browsers, tech giants such as Google and Yahoo denied complicity, maintaining they only handover data if a formal request is issued by the government.
"As for recent reports that the US government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring. We provide our user data to governments only in accordance with the law," said Google spokesperson Jay Nancarrow to news site Mother Jones.
Google, along with Microsoft, Facebook and Yahoo, has filed a lawsuit against the Foreign Intelligence Surveillance Court (FISA) to allow them to make public all the data requests made by the NSA.
“Given the important public policy issues at stake, we have also asked the court to hold its hearing in open rather than behind closed doors. It's time for more transparency," Google’s director of law enforcement and information security, Richard Salgado, and the director of public policy and government affairs, Pablo Chavez, wrote in a blog post on Monday.
The tech giants implicated in NSA’s global spying program have denied criticism that they could have done more to resist NSA spying. Marissa Mayer, CEO of Yahoo, claimed that speaking out about the NSA’s activities would have amounted to ‘treason’ at a press conference in San Francisco on Wednesday.
In Yahoo’s defense, she argued that the company had been very skeptical of the NSA’s requests to disclose user data and had resisted whenever possible. Mayer concluded that it was more realistic to work within the system,” rather than fight against it.
Snowden: NSA använder phishing - utger sig för att vara Google på falska webbsajter