The Washington Post is reporting that the NSA has a simple way to work out if someone is worth hacking or not: it just reads their Google cookies.
Leaked slides from an internal presentation reveal that the NSA use the cookies and location data from Google to pinpoint targets for government hacking. The Post explains:
According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or “cookies” that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don’t contain personal information, such as someone’s name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person’s browser.
In addition to tracking Web visits, this cookie allows NSA to single out an individual’s communications among the sea of Internet data in order to send out software that can hack that person’s computer. The slides say the cookies are used to “enable remote exploitation,” although the specific attacks used by the NSA against targets are not addressed in these documents.
It’s not a way of finding suspicious behaviour, then, but a way to home in on someone already under suspicion. Which doesn’t sound as bad as some of the NSA tricks in use, but its still a serious invasion of privacy. [Washington Post]