NSA and GCHQ tracked Google cookies

Cookie eating monster surveillance is alleged to have occurred.

Cookies

Leaked NSA documents have revealed that the spy agency used Google's advertising cookies to identify and track targets in a hacking operation.

According to reports by the Washington Post, based on documents leaked by NSA whistle-blower Edward Snowden, both the NSA and GCHQ used the cookies to help track users across the internet.

The operation used Google's PREF cookies, which are used by the search giant to provide personalised web pages for users based on previous browsing habits and preferences.

While the cookies don't contain information such as usernames or email addresses, they do contain details such as location, language preference, search engine settings, number of search results to display per page as well as other bits of information that advertisers can use to identify a particular browser.

The newspaper said that these cookies along with those from other companies have allowed the NSA to track user habits and allow remote exploitation of computers.

While the document does not say how the NSA obtained the cookies, other documents unearthed by Washing Port reporters said the agency could have made a direct request to Google using a Fisa order. Under the Fisa law, Google would not have been allowed to inform users of such an action by the NSA.

The cookies were collected by NSA's Special Source Operations (SSO) unit and are sent to the agency's Tailored Access Operations (TAO) unit. This specialises in offensive operations such as infecting target computers and networks with malware designed to obtain information and create backdoors.

As reported by sister publication PC Pro, a Lib Dem MP is pushing for greater protection for UK citizens from online spying. Former minister David Heath called for new laws to prevent spy agencies from tapping emails and calls without a warrant.

Heath wants loopholes in the Regulation of Investigative Powers Act 2000 and the Intelligence Services Act 1994 that allow wholesale data collection to be closed. 

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021
Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021