Slashdot Mirror
Nation-backed Hackers Using Evercookie and Web Analytics To Profile Targets (securityledger.com)
chicksdaddy writes: There's such a fine line between clever and criminal. That's the unmistakable subtext of the latest FireEye report on a new "APT" style campaign that's using methods and tools that are pretty much indistinguishable from those used by media websites and online advertisers. The difference? This time the information gathered from individuals is being used to soften up specific individuals with links to international diplomacy, the Russian government, and the energy sector.
The company released a report this week that presented evidence of a widespread campaign (PDF) that combines so-called "watering hole" web sites with a tracking script dubbed "WITCHCOVEN" and Samy Kamkar's Evercookie, the super persistent web tracking cookie. The tools are used to assemble detailed profiles on specific users including the kind of computer they use, the applications and web browsers they have installed, and what web sites they visit.
While the aims of those behind the campaign aren't known, FireEye said the use of compromised web sites and surreptitious tracking scripts doesn't bode well. "While many sites engage in profiling and tracking for legitimate purposes, those activities are typically conducted using normal third-party browser-based cookies and commercial ad services and analytics tools," FireEye wrote in its report. "In this case, while the individuals behind the activity used publicly available tools, those tools had very specific purposes....This goes beyond 'normal' web analytics," the company said.
The company released a report this week that presented evidence of a widespread campaign (PDF) that combines so-called "watering hole" web sites with a tracking script dubbed "WITCHCOVEN" and Samy Kamkar's Evercookie, the super persistent web tracking cookie. The tools are used to assemble detailed profiles on specific users including the kind of computer they use, the applications and web browsers they have installed, and what web sites they visit.
While the aims of those behind the campaign aren't known, FireEye said the use of compromised web sites and surreptitious tracking scripts doesn't bode well. "While many sites engage in profiling and tracking for legitimate purposes, those activities are typically conducted using normal third-party browser-based cookies and commercial ad services and analytics tools," FireEye wrote in its report. "In this case, while the individuals behind the activity used publicly available tools, those tools had very specific purposes....This goes beyond 'normal' web analytics," the company said.
A few years ago (2010~2011)
Tracking Browsers Without Cookies Or IP Addresses?
http://yro.slashdot.org/story/...
EFF Publishes Study On Browser Fingerprinting
http://yro.slashdot.org/story/...
EFF Says Forget Cookies, Your Browser Has Fingerprints
http://yro.slashdot.org/story/...
Browsers seem to send back a lot of basic data if asked that can build a nice profile over many visits.
Domestic spying is now "Benign Information Gathering"
NSA Uses Google Cookies to Pinpoint Targets for Hacking
https://www.washingtonpost.com/news/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/
By Ashkan Soltani, Andrea Peterson, and Barton Gellman
December 10, 2013
The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance.
The agency's internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.
For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them.
The revelation that the NSA is piggybacking on these commercial technologies could shift that debate, handing privacy advocates a new argument for reining in commercial surveillance.
According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or "cookies" that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don't contain personal information, such as someone's name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person's browser.
In addition to tracking Web visits, this cookie allows NSA to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. The slides say the cookies are used to "enable remote exploitation," although the specific attacks used by the NSA against targets are not addressed in these documents.
The NSA's use of cookies isn't a technique for sifting through vast amounts of information to find suspicious behavior; rather, it lets NSA home in on someone already under suspicion - akin to when soldiers shine laser pointers on a target to identify it for laser-guided bombs.
Separately, the NSA is also using commercially gathered information to help it locate mobile devices around the world, the documents show. Many smartphone apps running on iPhones and Android devices, and the Apple and Google operating systems themselves, track the location of each device, often without a clear warning to the phone's owner. This information is more specific than the broader location data the government is collecting from cellular phone networks, as reported by the Post last week.
"On a macro level, 'we need to track everyone everywhere for advertising' translates into 'the government being able to track everyone everywhere,'" says Chris Hoofnagle, a lecturer in residence at UC Berkeley Law. "It's hard to avoid."
These specific slides do not indicate how the NSA obtains Google PREF cookies or whether the company cooperates in these programs, but other documents reviewed by the Post indicate that cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. If the NSA gets the data that way, the companies know and are legally compelled to assist.
The NSA declined to comment on the specific tactics outlined in this story, but an NSA spokesman sent the Post a statement: "As we've said before, NSA, within its lawful mission to collect foreign intelligence to protect the Un
I used a combination of plugins self-destructing cookies, disconnect, and u-block. Works well. Just don't whitelist Google sites or social media. You can use your browser's password store if you get tired of having to log in after every time you close your browser window.