The Washington Post has yet another article based on Edward Snowden’s documents revealing yet greater expansion in the US and UK spying apparatus.
According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or “cookies” that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don’t contain personal information, such as someone’s name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person’s browser.
In addition to tracking Web visits, this cookie allows NSA to single out an individual’s communications among the sea of Internet data in order to send out software that can hack that person’s computer. The slides say the cookies are used to “enable remote exploitation,” although the specific attacks used by the NSA against targets are not addressed in these documents.
…Separately, the NSA is also using commercially gathered information to help it locate mobile devices around the world, the documents show. Many smartphone apps running on iPhones and Android devices, and the Apple and Google operating systems themselves, track the location of each device, often without a clear warning to the phone’s owner. This information is more specific than the broader location data the government is collecting from cellular phone networks, as reported by the Post last week.
“On a macro level, ‘we need to track everyone everywhere for advertising’ translates into ‘the government being able to track everyone everywhere,’” says Chris Hoofnagle, a lecturer in residence at UC Berkeley Law. “It’s hard to avoid.”
colnago80 says
Unfortunately, if one wants to see more than 10 links on a page in a Google search, one must use preferences which places the pref cookie on one’s computer.
Marcus Ranum says
The slides say the cookies are used to “enable remote exploitation,” although the specific attacks used by the NSA against targets are not addressed in these documents.
It’s probably what the drive-by malware downloaders do right now -- try to get a victim to browse to a site they control, which runs some script that checks the browser ID and other fingerprints of the operating system and browser the target is using, then does a quick dictionary lookup for a vulnerability that matches and sends a crafted piece of code to take over the machine.
As a computer security practitioner, what really makes pink steam squirt out of my ears about all this is that this is exactly the bullshit we “good guys” have been fighting and now it’s impossible to tell whether it’s the Russian mafia that wants in to my computer, or the NSA, FBI, Chinese government, or whatever the fuck. They have opened the floodgates -- and jammed them open for some very very nasty shit and mark my words payback is going to be one hell of a bitch. If I were still consulting for NSA I’d be writing frantic memos up the chain of command that read more or less “GET US OFF THE INTERNET NOW. BY ‘OFF’ I mean OFF.”
invivoMark says
Oh, but didn’t you know that the NSA’s activities are subject to a strict, regularly audited system of checks and balances? I heard that somewhere.