according to The Switch blog at The Washington Post, in a story just emailed as breaking news, NSA uses Google cookies to pinpoint targets for hacking.
The story is co-authored by Barton Gellman, who is on contract with the Post and has previously written stories using the material he was given by Snowden.
The opening two grafs:
The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance.Please keep reading.
The agency's internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.
According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or "cookies" that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don't contain personal information, such as someone's name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person's browser.The NSA is then able to use the information to track the person's internet communication. It can also be used to hack the person's computer, although the slides released by Snowden do not directly indicate that is being done.
The key is the PREF cookie from Google:
Google assigns a unique PREF cookie anytime someone's browser makes a connection to any of the company's Web properties or services. This can occur when consumers directly use Google services such as Search or Maps, or when they visit Web sites that contain embedded "widgets" for the company's social media platform Google Plus. That cookie contains a code that allows Google to uniquely track users to "personalize ads" and measure how they use other Google products.
Given the widespread use of Google services and widgets, most Web users are likely to have a Google PREF cookie even if they've never visited a Google property directly.I have now already pushed the limits of fair use.
I wanted to get this story out to people quickly.
PErhaps someone more technically adept than am I (my period as a computer guru ended some 19 years ago, and my knowledge is no longer current) might choose to weigh in here.