NSA taps tracking cookies used by Google, others, to monitor surveillance targets

Dec 11, 2013 10:05 am | Computerworld
Browser cookies used to serve targeted ads are a rich source of material for NSA, report says
by Jaikumar Vijayan
.
The browser cookies that online companies use to track Internet customers for targeted advertising are also used by the National Security Agency to track surveillance targets and break into their systems.
The agency’s use of browser cookies is restricted to tracking specific suspects rather than sifting through vast amounts of user data, the Washington Post reported Tuesday, citing internal documents obtained from former NSA contractor Edward Snowden.
Google’s PREF (for preference) cookies, which the company uses to personalize webpages for Internet users based on their previous browsing habits and preferences, appears to be a particular favorite of the NSA, the Post noted.
PREF cookies don’t store any user identifying information such as user name or email address. But they contain information on a user’s general location, language preference, search engine settings, number of search results to display per page and other data that lets advertisers uniquely identify an individual’s browser.
The Google cookie, and those used by other online companies, can be used by the NSA to track a target user’s browsing habits and to enable remote exploitation of their computers, the Post said.
Documents made available by Snowden do not describe the specific exploits used by the NSA to break into a surveillance target’s computers. Neither do they say how the NSA gains access to the tracking cookies, the Post reported.
It is theorized that one way the NSA could get access to the tracking cookies is to simply ask the companies for them under the authority granted to the agency by the Foreign Intelligence Surveillance Act (FISA).
Separately, the documents leaked by Snowden show that the NSA is also tapping into cell-phone location data gathered and transmitted by makers of mobile applications and operating systems. Google and other Internet companies use the geo-location data transmitted by mobile apps and operating systems to deliver location-aware advertisements and services to mobile users.
However, the NSA is using the same data to track surveillance targets with more precision than was possible with data gathered directly from cell-phone makers, the Post noted. The mobile app data, gathered by the NSA under a program codenamed “Happyfoot,” allows the agency to tie Internet addresses to physical locations more precisely than was possible with cell-phone location data.
An NSA division called Tailored Access Operations uses the data gathered from tracking cookies and mobile applications to launch offensive hacking operations against specific target computers, the Post said.
An NSA spokeswoman Wednesday did not comment on the specific details in the Post story but reiterated the agency’s commitment to fulfill its mission of protecting the country against those seeking to do it harm.
– See more at: http://www.itnews.com/mobile-security/72091/nsa-taps-tracking-cookies-used-google-others-monitor-surveillance-targets?source=ITNEWSNLE_nlt_itndaily_2013-12-11#sthash.xVoBUfaJ.dpuf