A map of web traffic. (Internet Map)
This week, new documents from NSA leaker Edward Snowden arrived with some troubling revelations: the NSA has been piggybacking on Google's network, using the company’s "preferences" cookie to follow users from site to site, proving their identity before targeting them with malware. It means the agency has tapped into one of the most popular features on the web and the core of Google's multibillion-dollar ad-targeting empire. Instead of just targeting ads and saving preferences, the infrastructure is being used to find people the NSA is interested in and silently infect their devices with malware.
"It solves a bunch of tricky problems for bulk web surveillance."
What's still unclear is whether the NSA is directly hacking Google or using some other way to track these cookies. But while the company is officially keeping quiet, the simple math of cookie tracking makes it likely that the NSA didn't need any help from Google. Tracking cookies offers the NSA the perfect system for following suspects across the web: it's pervasive, persistent, and for the most part, it's still unencrypted. "It solves a bunch of tricky problems for bulk web surveillance that would otherwise be quite difficult," says Jonathan Mayer, a fellow at Stanford's Center for Internet and Society who worked with the Washington Post on the report. The right cookie will follow you as your phone moves from 3G to a coffee shop's Wi-Fi network, and in many cases it'll broadcast your unique ID in plain text.
Once the NSA controls cookies, it can use them as a free pass into almost any machine on the web.
For the NSA, it's practically made to order. If the agency can suss out a particular person’s unique cookie ID, they can watch for the ID at the cookie-delivery spot (in this case, Google) and get a full record of the person’s movements on the web. The Washington Post doesn’t describe how the agency uses those cookies to deliver malware, but many researchers have already guessed at a likely mechanism. With control of the network, the agency could be able to interject packets in place of a standard cookie, seeding your device with whatever program they want. The result would look like a cookie from Google, but actually be a malware packet disguised as a cookie, tailored to whichever site the agency knows you’re visiting. It’s still just speculation, but it gives a sense of just how powerful the cookie system is for a network-level attacker like the NSA. Once the agency controls cookies, it can use them as a free pass into almost any machine on the web.
Identifying information sent over public tubes with no protection
It’s hard to guard against these attacks because encryption schemes are uniquely tricky to implement for cookies. As cryptographer Ed Felten points out, regular encryption doesn't work in the case of unique cookie IDs. (The encoded version of a unique ID is a unique ID itself — all you've done is change the number.) The more permanent solution is HTTPS-based encryption, but the more complex handshake slows down load times, which scares away many trackers. The result is a lot of identifying information being sent over public tubes with little to no protection.
The problem is that Google is one of the few companies that enables HTTPS on principle, even if that makes the +1 buttons load a little slower. HTTPS is enabled in both Google's DoubleClick ad cookies and service-based preference cookies — including the PREF cookie that's mentioned in the new Snowden documents. If the NSA was going to be following that cookie, unlike most of the cookies floating around the web, the agency needs to negotiate at least a little bit of HTTPS. It’s certainly plausible that they found a way around it. We know from earlier leaks that the NSA has ways of getting around SSL, and it may have followed the Google cookies using similar tricks — but it seems more likely that the agency would have moved on to easier pickings, given the prevalence of unencrypted tracking-cookie networks. Ironically, Google’s good security practices are slightly incriminating here: the more secure its network, the more likely it is that the attackers were working from the inside, whether through legal compulsion or tapping private networks.
"I suspect it's an old slide ... but I'm not certain."
The most likely explanation, favored by UC Berkeley cryptographer Nicholas Weaver, is a little less exciting. "I suspect it's an old slide, written from back when Google's cooperation wasn't needed," Weaver says. "But I'm not certain about it." The Washington Post dates the slide to a presentation given in April, 2013, three months after Snowden first made contact with Greenwald, which is well after Google implemented HTTPS for its PREF cookies. Still, it could have been an outdated slide or Snowden could simply have gotten the date of the presentation wrong, although the Post has emphasized that the date was thoroughly vetted before publishing. Still, many are skeptical of Google involvement, including Mayer. "It doesn't appear the NSA had any particular access to Google infrastructure," Mayer says. "This was based on watching tracking cookies flow across the open web."
Tools like Ghostery will show dozens of cookies following you from site to site
The larger problem is figuring out where we go from here. Google’s PREF cookie is a powerful tool, reaching every page with a Google Search bar, Google Map, or +1 button — but it’s hardly the only cookie that could be used this way. Tools like Ghostery will show dozens of cookies following you from site to site, whether it’s for ads, analytics, or universal log-ins like Facebook. Any one of those cookies could be used the same way: to find a single person and drop malware silently into their device. As long as one of them is unencrypted, the NSA will have an unimpeded path through, and while the companies are competing on load times rather than security, they have little incentive to switch.
Seen from that vantage, the problem isn’t Google: it’s everyone. "The quid pro quo of the behavioral advertising ecosystem stinks," says ACLU technologist Christopher Soghoian. "Our web browsers and mobile operating systems have been designed with defaults that facilitate tracking of our activities. It’s only natural that the NSA would try to harness it." The web runs on tracking. It powers our analytics, our ads, and personalized services from Facebook to Netflix. It’s not clear what unwinding that system would even mean. Universal HTTPS would be a start (some have already proposed it), but the deeper problem is a web that’s built for speed rather than security. Most ad networks have never even considered how to guard against a network-level attacker like the NSA. Hardening those networks would be a massive undertaking, requiring new security at every level and no small amount of performance tradeoffs. Even now, after Snowden has proved how real the threat is, it may not be a leap they’re willing to take.