Edward Snowden strikes again. This time, he released data to Brazillian media about US government espionage on the oil company Petrobras. Hidden within this information was the golden nugget: the NSA had impersonated Google. The technique they used redirected users to a copycat “Google” site which then sent all the data into NSA data banks.
This method is called “man in the middle” or MITM, and is commonly used by hackers, because it saves them the hassle of breaking through encryption. They divert the internet traffic of choice to a copycat MITM site, which allows them to store all the data users have provided.
Hackers often use bank websites to steal passwords. They then use their stolen passwords to log in to real banking sites and serve as a “man in the middle”, relaying data from bank to customer, all the while collecting it for themselves.
The website of choice for the NSA was reported to be Google.
Google and other search companies have denied helping the US government to get their hands on people’s data, insisting any handover was made only upon formal request. Google, Yahoo, Microsoft and Facebook have filed a lawsuit against the Foreign Intelligence Surveillance Act (FISA), asking to make all data requests made by the NSA public.
The Brazillian report mentions only the NSA, but their is no reason why their UK counterparts, the Government Communications Headquarters (GCHQ) could not be complicit.