NSA and CIA use ad blockers because online advertising is so dangerous

NSA sign

Image: Saul Loeb, contributor via Getty Images

Piracy. Disinformation. Monitoring. CYBER is Motherboard’s podcast and feature story on the dark underbelly of the Internet.

Many people who use ad blockers say they do this to block malicious ads that can sometimes hack into their devices or harvest sensitive information from them. It turns out that the NSA, CIA, and other agencies of the US Intelligence Community (IC) are also blocking ads for potentially the same sort of reasons.

The IC, which also includes parts of the FBI, DEA and DHS, and various elements of the DoD, has deployed ad blocking technology on a large scale, according to a copy of a letter sent by Congress and shared with Motherboard.

The news highlights the continuing risk of the online advertising ecosystem. Some hackers use the way advertisements are served to send malware to target devices. Data brokers and potentially intelligence agencies can leverage the ecosystem to gather information about devices and by extension people, sometimes including their physical location. The CI that takes steps to protect itself from the dangers of the advertising ecosystem shows just how malicious it can be.

“IC has implemented network-based ad blocking technologies and uses information from multiple layers, including domain name system information, to block unwanted and malicious ad content,” he recently reported. the IOC told the Wyden office, according to the letter.

Do you have any information on how the bidstream data was used to track people? We would love to hear from you. Using a non-business phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox or by email at [email protected]

With malicious advertising, hackers upload malicious ad to ad network, which then distributes it to targets. Previous cases of malicious advertising have redirected victims to exploit kits, which then break into the victim’s computer to steal data.

Additionally, Motherboard explained how data brokers can obtain information through a process called real-time auctions. Before an ad is placed in a person’s app or browsing session, businesses bid on whether their own ad will win the ad. As part of this process, participating companies can collect data on people, known as bidstream data, even if they don’t win the ad slot. Motherboard previously reported that Venntel, a US government contractor, obtains some of its location data from the real-time bidding process.

But this access could extend to foreign entities. Senators Ron Wyden, Mark Warner, Kirsten Gillibrand, Sherrod Brown, Elizabeth Warren and Bill Cassidy previously written to a group of technology companies including AT&T, Verizon, Google and Twitter, who are concerned that ad networks are being exploited by foreign intelligence services.

“This information would be a gold mine for foreign intelligence services who could use it to inform and intensify campaigns of hacking, blackmail and influence,” the letter read. Responses from some of the tech companies have shown that hundreds of relatively obscure and neglected companies are potentially receiving sensitive data about Americans. The companies included those based in Russia, China and the United Arab Emirates, such as Motherboard reported in June.

The Office of the National Intelligence Directorate (ODNI) did not respond to a request for comment on ad blocking practices. A spokesperson for the DEA told Motherboard in an email that “For the safety and protection of our environment, the Drug Enforcement Administration (DEA) does not disclose its cybersecurity measures. Infrastructure Security Agency (CISA) and other governing bodies when implementing cybersecurity controls. “

An NSA spokesperson told Motherboard in an email that “in order to keep unclassified networks secure for standard business operations, the NSA CIO institutes a set of deep network protections to keep the network secure. throughout our business. While we are unable to detail their protections for operational reasons, the NSA’s dynamic security approach is constantly adjusting and improving our network defenses. “

The quote from IC’s chief information officer was included in a letter Wyden sent to Clare Martorana, the federal chief information officer at the Office of Management and Budget (OMB), asking him this week to establish rules for other agencies as well.

“I am writing to urge the Office of Management and Budget (OMB) to protect federal networks from spies and foreign criminals who abuse online advertising for hacking and surveillance, by setting clear new rules for them. agencies in its upcoming ‘zero trust’ cybersecurity policy, ”Wyden wrote.

Wyden pointed to recommendations released previously by the NSA and the Cybersecurity and Infrastructure Security Agency (CISA), encouraging readers to use ad blocking technology. The NSA also issued guidelines around the threat of collecting and selling location data.

“While the intelligence community has acted to protect its staff and computers from malicious ad-based threats, many other federal agencies have not, and are unlikely to do so until To that end, as the OMB finalizes its recently released Federal Zero Draft Trust Strategy, detailing the specific actions the OMB is asking federal agencies to take to secure their systems from hackers , I urge the OMB to also require agencies to implement the CISA and NSA guidelines to block ads, ”Wyden’s letter continued.

“This administration is committed to strengthening federal cybersecurity and moving the US government towards a zero trust architecture,” an OMB spokesperson told Motherboard in an email. As part of this effort, the Office of Management and Budget has requested public comment on a proposed zero trust federal strategy that calls for strong multi-factor authentication, network traffic encryption, and other practices. cybersecurity issues. Over the next few weeks, we will be reviewing and considering every feedback we received as part of this process as we finalize this strategy.

Subscribe to our cybersecurity podcast, CYBER.

Leave a Reply

Your email address will not be published.