NSA has direct access to tech giants' systems for user data, secret files reveal

NSA uses Google cookies to pinpoint targets for hacking

"The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance....

According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or "cookies" that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don't contain personal information, such as someone's name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person's browser.

In addition to tracking Web visits, this cookie allows NSA to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. The slides say the cookies are used to "enable remote exploitation," although the specific attacks used by the NSA against targets are not addressed in these documents."

Full Story here: http://www.washingtonpost.com/blogs...ookies-to-pinpoint-targets-for-hacking/?clsrd

 

Re: NSA uses Google cookies to pinpoint targets for hacking

So will Google rethink their own tracking strategy, knowing that the very people they recently and quite boldly said "~ Snipped as per TOS ~ NSA" to, are using their cookies to do the very thing Google says it is now against? I very much doubt it.

 

NSA uses Google cookies to pinpoint targets for hacking....
http://www.washingtonpost.com/blogs...ogle-cookies-to-pinpoint-targets-for-hacking/

Im going to have to work harder now to block cookies and advertisers.

 

Session Cookies Only might protect from this. I went to Google twice, shutting down Firefox each time. I use Cookie Monster. The PREF ID changed:

ID=9e5787e8293dbe68:FF=0:TM=1386758499:LM=1386758499:S=HLI7aU3urGDXQBrt
ID=6ed640dd37d26c0a:FF=0:TM=1386758661:LM=1386758661:S=cXYW9ZOFty7tU0zB

I would remember to delete all Google cookies *during* a session, when done using Google, as well - With Cookie Monster, this is easy.

 

Sweden worked with NSA in hacking activities

http://sverigesradio.se/sida/artikel.aspx?programid=2054&artikel=5729922

 

Any [semi] persistent unique identifier is a potential threat that could come into play somehow, now and/or in the future. Thus one might want to consider all means of passing, storing, and using those. Cookies, LSOs, GUIDs built into or generated by software, identifiers embedded within URLs particularly in conjunction with Referrer and/or other mechanisms for passing info across pages or domains, the advertising IDs that are being built into app platforms, custom unique identifier mechanisms relying upon one of the various types of browser supported storage mechanisms, ETags and other caching related mechanisms, etc, etc.

If the unique identifier flows over a non-encrypted communications channel, intermediaries (including but not limited to government agencies) can see and leverage it. However, even those flowing over encrypted channels are a threat because companies and sites often expose the information in unencrypted form to third party hosting/cloud platforms, sometimes allow other commercial companies and/or government agencies to MITM their secure connections, etc. Government agencies might not be using all available techniques, but commercial companies (as a class) are and government agencies get much of the information and access through commercial company cooperation. There is also that little matter of the threats posed by commercial companies themselves. Which may very well be even greater than those posed by the NSA and other government agencies.

Block all the things! Jking. No, not really

 

What's happening is that the NSA requests for information are affecting the dollar bottom line. This is what is happening now as the large companies named have been complying with government data requests for probably a lot longer than has been disclosed.

 

I am sure they have been doing so for much longer than they have admitted, yes. Mr. Snowden wasn't the first one to warn others that things were amiss, he just received more publicity due to information being much more easily spread than in the past. Not only are bottom lines at stake in this, but also progress. Not very long ago, the cloud was being touted as changing the world. Now the cloud and cloud companies are shied away from and looked upon with suspicion.

 

Well, 50-100 years ago, US telegraph companies shared everything with military intelligence, but there was no public discussion. Even 20 years ago, NSA effectively meant "No Such Agency". The Internet is changing the game for everyone. Perhaps we'll have a "New World Order" that benefits everyone.

 

Thats exactly how they'll manage to usher it in. Make the nice benefits appear better than the nasty sting in the tail. Yu'all know theres no such thing as a free lunch.

 

There's are certainly risks to globalization, if it benefits only the wealthy and powerful. But the Internet is profoundly changing the game. So I remain optimistic

 

Time Person of the Year runner-up Snowden wants unbreakable encryption for all citizens
http://www.theverge.com/2013/12/11/...-the-year-runner-up-snowden-wants-unbreakable

 

Will NSA cut it out if Congress passes no-bulk-spying bill? “Depends”.

-- Tom

 

Re: Sweden worked with NSA in hacking activities

NSA's Xkeyscore etc were revealed about two years ago as "Google for spies" in The Silicon Jungle

But that was just fiction [cough, choke, lol].

 

http://www.washingtonpost.com/busin...19b598-612f-11e3-bf45-61f69f54fc5f_story.html

 

Archaic but widely used crypto cipher allows NSA to decode most cell calls.

-- Tom

 

http://www.nytimes.com/2013/12/15/us/officials-say-us-may-never-know-extent-of-snowdens-leaks.html

 

Why would Mr. Snowden risk such an ever so unlikely to be honored deal? There are two things wrong with such a deal. Number one, he along with other quite upset governments have the U.S by the family jewels if you know what I mean because those documents are still out there. They aren't going to try to kill or capture him when they have no idea where or how many copies might be around. Number two, it is much too late to do damage control and make nice. It is when he has nothing left to expose or the people holding the documents for him are turned, that the real danger begins.

 

As Guardian newspaper editor Alan Rusbridger told the UK 'Home Affairs Select Committee', only 1% of files leaked by former US intelligence analyst Edward Snowden have been published by the Guardian newspaper. link
Der Spiegel and other media have access to about the same leaked files as the Guardian and have not published extraordinary stuff; so also published about 1% of what Snowden has leaked.
Still unknown is what percentage of the entire copied batch, Snowden has leaked. 2%? 5 or 10%?
The other percentage/remaining stuff, is apparantly so potentially damaging that immunity becomes an option, for some in the NSA at least.
Reported in the NYTimes article, linked by Pinga above, NSA officials concede that they might never find out what exactly has been taken by Snowden.
As they only know that approx. 1% of leaked/disclosed files, not the undisclosed files -still a 'known unknown quantity'- has been published, they can not know when he has 'nothing left to expose'.

 

Re: NSA uses Google cookies to pinpoint targets for hacking

"In addition to tracking Web visits, this cookie allows NSA to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer."

Send out - right ... like in the movies.
I sent thee thy malware.

Too much Die Hard 4 for some people.

Mrk

 

http://www.theregister.co.uk/2013/12/16/nsa_alleges_bios_plot_to_destroy_pcs/

 

Bruce Schneier and Eben Moglen discuss a post-Snowden Internet (Video: 1:31:45 - hh:mm:ss)

-- Tom

 

Re: NSA uses Google cookies to pinpoint targets for hacking

Do you chastize the media report or the Snowden leak/NSA slide info?

From the WP blog article linked above;

The whole article only mentions the cookie being used as an 'identifier', not a 'definitive enabler' for whatever TAO hacking/remote access scenario.

 

Judge: NSA's bulk collection of phone records violates Constitution's ban on unreason

http://www.dallasnews.com/news/local-news/20131216-judge-nsa-s-bulk-collection-of-phone-records-violates-constitution-s-ban-on-unreasonable-searches.ece

 

Re: NSA uses Google cookies to pinpoint targets for hacking

I just quoted from your quote ... not criticizing anyone.
I am discussing the article content.
Mrk