NSA Hackers Help Themselves to Google's Cookies
Dec 12, 2013 8:38 AM PT
The United States National Security Agency is using at least one type of Google cookie -- PREF, which stores a user's preferences -- to home in on the PCs of targets it wants to hack, according to a Washington Post report.
NSA's Special Source Operations division, which works with private companies to slurp data from the Internet's backbone and from the companies' servers, apparently is sharing information containing logins, cookies and Google PREFID with Tailored Access Operations, the agency's cyberwarfare intelligence-gathering unit.
TAO reportedly custom-builds software attacks and has software templates to break into common brands of routers, switches and firewalls.
"Cookie data is another layer of information on top of networking data and location data that [government] agencies use to correlate identities, locations and activities into a single profile that can help them assess risk," remarked Marc Gaffan, cofounder of Incapsula.
Move Over, Cookie Monster
The NSA has been using Google cookies to home in on targets to hack for some time.
NSA and its UK counterpart, GCHQ, were using cookies for Google's DoubleClick online advertising service to identify users of the Tor online anonymizer, The Guardian reported in October.
"The NSA has found a way to use data intended for a different purpose to its advantage," Maxim Weinstein, security advisor at Sophos, told TechNewsWorld.
More About the PREF Cookie
The PREF cookie is virtually guaranteed to pop up in any browser.
For example, it emerged in Mac user Stephen Frankel's Safari browser even though he was blocking tracking cookies, had no Google accounts and was not visiting Google.
"One doesn't need to have a Google account or use Google to acquire a PREF cookie," Sophos' Weinstein explained. "Simply visiting a site with Google content embedded in it is sufficient."
There is no universal way to block tracking cookies, Weinstein said. Deleting existing PREF cookies, enabling Do Not Track, and disabling third-party cookies likely would keep a user's computer free of the PREF cookie.
However, that "doesn't have much effect on safely browsing the Internet or even evading NSA surveillance," Weinstein pointed out. "There are plenty of other cookies and methods of fingerprinting the NSA could use if they were looking to target a specific user."
A Knight in Tarnished Armor?
Following reports that it participated in the NSA's PRISM program, Google became vocal in its opposition to the agency's surveillance efforts.
Google previously called on the NSA for help when its network was penetrated by attacks originating in China.
These ties have given rise to speculation that perhaps Google's public opposition to the agency's surveillance activities is a public relations ploy.
"Is Google mad because this type of surveillance is interfering with its brand image?" asked Avni Rambhia, digital media industry manager at Frost & Sullivan. "Is it just a branding issue?"
On the other hand, "Google needs the U.S. government to thrive, and the U.S. government needs to work with Google because of [the company's] stature and reach," Rambhia told TechNewsWorld. "Google probably has more satellite maps than the NSA does."
Reach Out and Clobber Someone
There could be some justification for the NSA's approach, suggested Rambhia.
"Ultimately, the government is tasked with keeping a country safe," she explained.
"You start to see messy solutions to problems when the problems are messy and badly understood. If you had an outbreak of disease and didn't know what caused it, you'd shoot every antibiotic you had into yourself," Rambhia noted.
However, she added, "some transparency from the government on what they're doing and why, and information on the types of attacks they've stopped could be very helpful."