NSA uses Google cookies to track and target suspects
Posted on 11 December 2013.
Bookmark and Share
Newly published documents from Edward Snowden's trove show that the NSA and its British counterpart GCHQ use Google's "preferences" cookies to follow suspects as they move around the Internet, and target them for later exploitation.


Google's PREF cookies - or "GooglePrefIDs" as the NSA calls them, alluding at the unique number they contain for each user - allow Google websites to remember users' preferences (region, language, site look, etc.) and deliver personalized ads.

But even if a user never visits any of Google's web properties, chances are good this cookie was stored in the user's browser at one time or other if he or she visited any site that contains embedded "widgets" for Google Plus - and we all know that a great number of them do. Also, many firms use Google's tech to deliver ads to Internet users, and they do it by taking advantage of the PREF cookie.

How the NSA gets a hold of these GooglePrefIDs is not defined in the documents, but according to the reporters of The Washington Post, other documents they had the chance to peruse say that cookie information can be requested by the NSA directly from Google by way of a FISA order.

The implication here is that Google possibly knew about these specific NSA activities (or at least about the possibility of the NSA misusing their cookies), but has been prevented from speaking about it due to the gag order that often accompanies a FISA order.

According to these latest documents, the GooglePrefIDs are collected by NSA's Special Source Operations (SSO) unit and is delivered to the agency's Tailored Access Operations (TAO) unit, which specializes in offensive operations such as infecting target computers and networks with malware designed to steal information, to persist through software and equipment upgrades, and to create backdoors.

Another thing this presentation revealed is the existence of "HAPPYFOOT," an NSA program aimed at using location data collected by mobile apps - data that is more accurate than that which can be collected via traditional Internet geolocation services.

We all know - and if we don't, we should - that a great number of mobile apps collect location data and share it with third-party advertisers so that those advertizers can deliver location-specific ads.

The NSA apparently uses that data to track the movements of "persons of interest."

As the WaPo reporters rightly note, these revelations might be a good new argument for privacy advocates who have repeated time and time again that commercial tracking shouldn't exist in the form it does today, as it can be misused for more sinister purposes.

In the meantime, Ed Felten, professor of computer science and public affairs at Princeton University and Chief Technologist for the US Federal Trade Commission, has shared some options that companies might want to explore if the want to stop the NSA from piggybacking on their tracking cookies.









Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //