The NSA and its British counterpart GCHQ are secretly piggybacking on website cookies to track and monitor the internet use of surveillance targets.

Detekt tool is designed to help users scan their computers for government surveillance programmes
Reuters

Documents leaked by former NSA contractor Edward Snowden reveal how the government spying agencies use cookies - small pieces of data normally used to serve browsers with adverts relevant to their interests - to identify and track potential suspects.

Published by the Washington Post, the documents reveal how the agencies use advertising cookies specifically operated by Google, known as Pref, to "pinpoint" targets. While the cookies do not contain the user's name or email address, they contain a code unique to the user's web browser.

Once the NSA and GCHQ has that code, their agents can reportedly single out a specific machine and send out software designed to hack into it and reveal more information about the suspect.

The use of cookies was a contentious enough topic even before the latest spying revelations were published, as privacy advocates are unhappy with how they monitor users' web activity and issue adverts based on the sites they visit.

Changes to European law in May last year mean websites must issue a notice to first-time visitors explaining how the site uses cookies to track their activity, but in the UK these messages can merely request implied rather than explicit consent from visitors.

Slides leaked by Snowden say cookies are used by the NSA to "enable remote exploitation" of the target's computer, but the Washington Post reports that specific attacks using this method were not published in the documents.

Laser-guided bombs

The newspaper likened the NSA's actions to "when soldiers shine laser pointers on a target to identify it for laser-guided bombs" - in other words, the technique doesn't provide any new information on the target, but helps the agency single out the suspect's computer and attack it directly with other software.

Although the agency's actions here are not as forceful as disclosed by Snowden's previous leaks, the practise is still one which internet users will not expect, and which Google does not currently disclose.

It is unclear if Google is aware of the NSA's use of its cookies, or if the search giant was required to comply by the Fisa court.

Google is yet to respond to requests for comment by both the Washington Post and IBTimes UK.

Wholescale collection of data

A NSA spokesman told the US newspaper: "As we've said before, NSA, within its lawful mission to collect foreign intelligence to protect the United States, uses intelligence tools to understand the intent of foreign adversaries and prevent them from bringing harm to innocent Americans."

Google recently joined Facebook, Apple and other major technology companies in a coalition against government spying on their users. Google chief executive Larry Page said: "The security of users' data is critical, which is why we've invested so much in encryption and fight for transparency around government requests for information.

"This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world."

Facebook Google