Leaked NSA documents have revealed that the spy agency used Google's advertising cookies to identify and track targets in a hacking operation.
According to reports by the Washington Post, based on documents leaked by NSA whistle-blower Edward Snowden, both the NSA and GCHQ used the cookies to help track users across the internet.
The operation used Google's PREF cookies, which are used by the search giant to provide personalised web pages for users based on previous browsing habits and preferences.
While the cookies don't contain information such as usernames or email addresses, they do contain details such as location, language preference, search engine settings, number of search results to display per page as well as other bits of information that advertisers can use to identify a particular browser.
The newspaper said that these cookies along with those from other companies have allowed the NSA to track user habits and allow remote exploitation of computers.
While the document does not say how the NSA obtained the cookies, other documents unearthed by Washing Port reporters said the agency could have made a direct request to Google using a Fisa order. Under the Fisa law, Google would not have been allowed to inform users of such an action by the NSA.
The cookies were collected by NSA's Special Source Operations (SSO) unit and are sent to the agency's Tailored Access Operations (TAO) unit. This specialises in offensive operations such as infecting target computers and networks with malware designed to obtain information and create backdoors.
As reported by sister publication PC Pro, a Lib Dem MP is pushing for greater protection for UK citizens from online spying. Former minister David Heath called for new laws to prevent spy agencies from tapping emails and calls without a warrant.
Heath wants loopholes in the Regulation of Investigative Powers Act 2000 and the Intelligence Services Act 1994 that allow wholesale data collection to be closed.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Former GCHQ intern risked national security after taking home top secret dataNews A former GCHQ intern has pleaded guilty to transferring data from a top-secret computer onto his work phone.
-
Businesses must get better at sharing cyber information, urges former GCHQ chiefJeremy Fleming, the former head of GCHQ, has warned businesses face increasingly sophisticated cyber attacks on critical national infrastructure (CNI).
-
Hackers are lying low in networks to wage critical infrastructure attacks - here’s how they do itNews Hackers are researching key IT workers in their bid to gain access to vital systems
-
ASUS, Cisco, Netgear devices exploited in ongoing Chinese hacking campaignNews Critical national infrastructure is the target of sustained attempts from state-sponsored hackers, according to Five Eyes advisories
-
US reveals bespoke tool that took down Russian malware operationNews Snake had been used to steal NATO countries’ data for 20 years
-
Move away from memory-unsafe languages like C and C++, NSA urgesNews The US agency advises organisations to begin using languages like Rust, Java, and Swift
-
US gov issues fresh warning over Russian threat to critical infrastructureNews The FBI, NSA and CISA have urged network defenders to be on "heightened alert" for Russian cyber attacks
-
UK and US pledge to punish cyber criminals at annual meetingNews Intelligence and defence officials met at the annual forum to discuss approaches to cyber security for the years ahead
