NSA Using Advertising Data for Surveillance: Cookies to Identify Hacking Targets, Mobile Apps to Track Locations

In Archive, GCHQ, Hacking, NSA, NSA Files, SSO, Surveillance, TAO on December 11, 2013 at 6:47 AM

12/10/2013

Ashkan Soltani/Andrea Peterson/Barton Gellman/Washington Post:

The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using “cookies” and location data to pinpoint targets for government hacking and to bolster surveillance.

The agency’s internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.

According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or “cookies” that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don’t contain personal information, such as someone’s name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person’s browser.

In addition to tracking Web visits, this cookie allows NSA to single out an individual’s communications among the sea of Internet data in order to send out software that can hack that person’s computer. The slides say the cookies are used to “enable remote exploitation,” although the specific attacks used by the NSA against targets are not addressed in these documents.

The NSA’s use of cookies isn’t a technique for sifting through vast amounts of information to find suspicious behavior; rather, it lets NSA home in on someone already under suspicion – akin to when soldiers shine laser pointers on a target to identify it for laser-guided bombs.

Given the widespread use of Google services and widgets, most Web users are likely to have a Google PREF cookie even if they’ve never visited a Google property directly.

That PREF cookie is specifically mentioned in an internal NSA slide, which references the NSA using GooglePREFID, their shorthand for the unique numeric identifier contained within Google’s PREF cookie. Special Source Operations (SSO) is an NSA division that works with private companies to scoop up data as it flows over the Internet’s backbone and from technology companies’ own systems. The slide indicates that SSO was sharing information containing “logins, cookies, and GooglePREFID” with another NSA division called Tailored Access Operations, which engages in offensive hacking operations. SSO also shares the information with the British intelligence agency GCHQ.

This isn’t the first time Google cookies have been highlighted in the NSA’s attempts to identify targets to hack. A presentation released in October by the Guardian called “Tor Stinks” indicates that the agency was using cookies for DoubleClick.net, Google’s third-party advertising service, in an attempt to identify users of the Internet anonymization tool Tor when they switched to regular browsing.

Separately, the NSA is also using commercially gathered information to help it locate mobile devices around the world, the documents show. Many smartphone apps running on iPhones and Android devices, and the Apple and Google operating systems themselves, track the location of each device, often without a clear warning to the phone’s owner. This information is more specific than the broader location data the government is collecting from cellular phone networks, as reported by the Post last week.

Another slide indicates that the NSA is collecting location data transmitted by mobile apps to support ad-targeting efforts in bulk. The NSA program, code-named HAPPYFOOT, helps the NSA to map Internet addresses to physical locations more precisely than is possible with traditional Internet geolocation services.

Many mobile apps and operating systems use location-based services to help users find restaurants or establishments nearby. In fact, even when GPS is disabled, most smart phones silently determine their location in the background using signals from Wi-Fi networks or cellular towers.

And apps that do not need geo-location data may still collect it anyway to share with third-party advertisers. Just last week, the Federal Trade Commission announced a settlement for a seemingly innocuous flashlight app that allegedly leaked user location information to advertisers without consumers’ knowledge.

Apps transmit their locations to Google and other Internet companies because ads tied to a precise physical location can be more lucrative than generic ads. But in the process, they appear to tip off the NSA to a mobile device’s precise physical location. That makes it easier for the spy agency to engage in the sophisticated tracking techniques the Post described in their Dec. 4 story.

These specific slides do not indicate how the NSA obtains Google PREF cookies or whether the company cooperates in these programs, but other documents reviewed by the Post indicate that cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. If the NSA gets the data that way, the companies know and are legally compelled to assist.

Related Link: “Golden Nugget! The Mobile Surge”: NSA/GCHQ Target Smartphone Apps to Collect Personal Data/Location Info
