NSA using Google cookies, app location data to track targets

Summary: A newly-released NSA document leaked by Edward Snowden shows that the agency is using advertising cookie and location data to track individuals already under suspicion.

A report in the Washington Post, citing new NSA documents leaked by Edward Snowden, tells how the agency, in collaboration with its British equivalent, GCHQ, uses commercial web site cookies to track suspects.

The NSA expresses a particular interest in Google PREFIDs, which the documents indicate they use for "remote exploitation." See the image below.

Excerpts from an April 2013 National Security Agency presentation detailing signal surveillance techniques and successes. Source: Washington Post

Cookies like these cannot be used on their own to identify anyone. They do not contain any specifically identifying information, but they do carry unique IDs which can be used to track a user (or, more specifically, a browser) from location to location and which can be coordinated with other data. The agency can also tell from the cookies what sites the user has visited. This can assist in determining methods with which to compromise the computer.

The documents indicate that the NSA uses the data only to track suspects they have already identified through other means. They do not appear to collect cookie data more generally.

The documents do not say how the NSA obtains the cookie data from Google or other sources, but this data is discoverable under FISA court orders.

The documents also indicate that the agency, in a program named HAPPYFOOT, is using location tracking information gathered by smartphone apps. Location data is often tied to advertising information collected by apps because advertisements associated with location data are more valuable than those without.

Topics: Security, Government US, Government UK, Privacy

Talkback

19 comments
  • Extreme?

    All such insidious American Corporate and Governmental invasiveness should be terminated with extreme prejudice (as they say on UNIX command lines).
    jacksonjohn
    • What happens after?

      After it's all terminated and the terrorist and criminals can no longer be tracked, what then? If we remove every single measure to track and find criminals before they can blow up another building or kill another innocent individual, what do we do then? Do you want our planes hijacked? Would you truly prefer to see America torn down by our enemies? If you are truly an American, why wouldn't you want your country protected? Whether it's your car, home, or phone, I'm sure you have an alarm or some sort of early warning detection to prevent something bad from happening. You don't want your country to have the same?
      My Galaxy Prime
      • it's sheep like you

        that has allowed this to happen. There is NO justification for spying on EVERYONE in hopes MAYBE they will catch someone. How about this. We will allow the police to patrol your neighborhood. anytime they want, they can come and peer in your windows, attach listening devices to your home, video tape EVERYTHING you do in your home ( sit on the toilet and think about that ).
        You want to protect this country? then let's change the modern, pansyass "rules of engagement" and go stomp them dirtbags out of existence!
        winddrift03
        • There's obviously a fine line ...

          ... between spying on suspected terrorists and "everyone". Yes, to ensure that they get all the needed data, the NSA sniffs traffic that might be from anyone. But they apply filters -- like the Google cookie IDs -- to ferret out the data they need.

          Is that ideal? Probably not. But I truly do sleep better at night knowing that the people in the US intelligence community are doing their jobs and trying to track suspects, even if it means sifting through our internet traffic. Frankly, I see this as a heckuva lot more effective than the TSA screenings in airports.

          Admittedly, I happen to be one of those people who doesn't feel like I have any deep, dark, illegal secrets that the NSA or whomever would have any interest in, so I'm not worried about authorities tracking any of my data. But I realize that others are more concerned, and I would certainly support changes that make it more difficult for (or outright prohibit) authorities to make use of any data that they obtain for anything other than proceedings against terrorists or attacks against our national security. In other words, they'd be prohibited from using such info in simple criminal or misdemeanor cases. Would that appease folks who are concerned? I'm guessing not, but might it be a compromise?

          Lastly, despite all the automation that makes it possible for the NSA to spy on presumably law-abiding US citizens, I somehow suspect that they don't have the manpower to investigate everything that might possibly be flagged as "suspicious". I know if I were writing such a system, I'd build in various "levels" of sensitivity ... and practicality would dictate only flagging the truly important terrorist/national security-level threats, because there'd be no practical way to follow up on every minor peculiarity that might get flagged. But that's just a guess on my part.

          Again, I have no inside knowledge of how these systems operate and I've been called naive a time or two before.
          imalugnut
          • You sleep better? You shouldn't

            If you believe these programs contribute to your safety, you are in need of some urgent lessons in statistics. Because with a bunch of data this size, false alarms are as, if not more likely than real leads. So what this method of "protecting" you does is
            a) leading people on wild goose chases and
            b) leading to innocent people being suspected.

            You say you would build in "various levels of sensitivity". But you miss the point. Sensitivity isn't the issue. Specificity is. If you see this as effective, you have no idea what you are talking about.

            Anyone believing this to be an instrument to catch terrorists needs to take some courses in math. This has nothing to do with "deep, dark secrets" and everything with IP, industrial espionage, blackmail and political leverage.
            hydroxide
          • Really ????

            If your ASSumption were even slightly correct then we wouldn't know of NSA employees using NSA spy data on people who ARE NOT SUSPECTS IN ANY CRIME to find out about their love life and other personal information.

            WOW It will be just a matter of time until all of you people who are so unworried about NSA Spying on the average citizen with a "BECAUSE I DON'T DO ANYTHING WRONG" mentality get upset because your children are approached by a government agency on an unauthorized witch hunt or fishing attempt.
            IT HAS ALREADY HAPPENED AND WILL ESCALATE. Welcome to the police state.
            mark@...
          • And of course

            Your militia is having a training exercise this weekend. do you get a new set of coffee mugs if you scare some sap into joining?
            Having spent a number of years in various levels of the "evil empire", the guy that said they just don't have the manpower to review all that they scan is right.. 300,000 Americans, a good number under 18 who we know send 1000's of messages a day.. imagine having to review all of that.. could be terrorist code!

            Some people are just not happy unless everyone is out to get them.
            Putertechn
  • Oh nice...

    Just let the terrorists, child molesters, drug smugglers, murderers, and other criminals know how the authorities are looking for them. I'm sure that will make it much easier to catch them. What FBI agent doesn't love an impossible man hunt after the ball has been removed from their court?
    My Galaxy Prime
    • Guess we all know

      who you work for you stinking commie!
      winddrift03
    • Evidently, they do....

      Otherwise, they wouldn't engage in programs that create as many red herrings as genuine leads (if not more)
      hydroxide
  • NSA using Google cookies, app location data to track targets

    The NSA got more information from Google than they did with Microsoft yet Microsoft is the one catching all the flack. I don't see the same backlash against Google.
    Loverock.Davidson
    • I agree Google is WAY MORE INTRUSIVE THAN MS

      Microsoft is nothing compared to Google
      Google has:
      A camera photo on every house on every street.
      A Hotspot tracking map to disclose all WIFI access points
      Been busted hacking personal data from unsecure WIFI hotspots.
      A phone with a GPS, forward-rear facing cameras, and Microphone in 50% of the people's pockets. (under Google's control Who knows?)
      A browser search engine that tracks and stores ALL SEARCHES and triangulates users location for marketing
      mark@...
  • Protect Yourself Online

    There are solutions for email and internet security. When the servers are located in the US or Canada they are subject to the US Patriot Act. That means that when the government (NSA, IRS, etc.) requests information on us those companies MUST comply - and all without a search warrant. This is against the US Constitution's 4th Amendment. Check out ForHisGlory.PrivacyAbroad.com for established Swiss-based companies that ARE NOT under US jurisdiction! Let's take back our Fourth Amendment rights!!
    OldGlory13
  • Hey LinuxGeek

    How about that Google? Care to redefine your "Axis of Evil" now?
    athynz
    • why do you assume google are complicit?

      Google are leading the charge to reveal what they are forced to provide... seems they wouldn't be doing that if they themselves have lots to hide.

      if Google had to provide tracking data for cookies you can bet they were forced to. more likely that the NSA used their dodgy backdoors to acquire it like cell phone meta data collection.
      frankieh
      • If you read any of

        LinuxGeek's far fetched manifestos against any company that is not open source then you'd understand my post. Google is likely no more complicit than Apple, Microsoft, or any other company in terms of giving user info away without a warrant... And yes I was stirring the pot a bit.

        BTW posting the same thing twice does not make your point any more - or less - valid.
        athynz
    • why do you assume google are complicit?

      Google are leading the charge to reveal what they are forced to provide... seems they wouldn't be doing that if they themselves have lots to hide.

      if Google had to provide tracking data for cookies you can bet they were forced to. more likely that the NSA used their dodgy backdoors to acquire it like cell phone meta data collection.
      frankieh
  • What click bait! This title is badly misleading!

    NSA uses cookies from any website it can access. To mention Google in the title alone shows the author's extreme bias against Google. Microsoft, Yahoo, and other sites have had those cookies raided too.

    Nice railroad job Larry!
    linuxisforme
    • Yes, very much bait...

      But then NSA has now revealed itself as relying more on luck than intelligence in everything we learn about, which should make us all a lot more nervous about living under this current integrity impoverished regime.
      Willnott