Science and Tech

Actions

NSA Using Cookies To 'Enable Remote Exploitation'?

A new report in The Washington Post indicates the NSA uses commercial tracking cookies to follow targets of interest.
Posted

The NSA has its hand in the cookie jar — a new report in the Washington Post indicates the NSA might use common web tracking software called cookies to more closely follow its surveillance targets.

Internal presentation slides leaked by Edward Snowden show the NSA piggybacks on these commercial trackers to follow a target's browsing and communications habits.

It doesn't mean the cookies themselves are necessarily malicious — they're the same ones advertisers and web companies use in the first place.

"They're little bits of software code… that basically allow them to track you in order to serve more relevant content and more relevant targeted advertising." (Via The Wall Street Journal)

The Washington Post's report says the NSA is making use of one cookie in particular — Google's PREF. It doesn't identify web users by name, but it is enough for the NSA to closely follow known targets and "enable remote exploitation." Gizmodo suggests it's less dragnet, more laser guidance.

"It's not a way of finding suspicious behaviour, then, but a way to home in on someone already under suspicion. Which doesn't sound as bad as some of the NSA tricks in use, but is still a serious invasion of privacy."

And as The Verge points out, there's also the matter of the NSA using one of Google's products to basically deliver malware.

"It's not clear whether Google is willfully allowing the NSA to piggyback on its cookies or whether it was required to by the FISA court. Given recent scrutiny into the security of Google data, this revelation can't be a happy one for the search and advertising giant."

Both Google and the NSA declined to comment on the report.