CommonCore = CommonCrap

Much has been written about the CommonCore educational system being pushed on state education systems nationwide. More than 60% of states have pushed back after learning what the syllabus is really about; what the system is about has been shown, but few are listening.

CommonCore was created by leaders of global corporations to indoctrinate students into a very narrow channel of choices about what they could study, solely for the sake of the future of business enterprise.

But now we have even more companies vying for a slice of the money via no bid contracts as a result of studies, marketing and database analysis of student performance.

CommonCore is yet another platform for fraud, collusion and abuse, where, most sadly, students and parents are the pawns. C’mon, parents, get involved for the sake of your children, for the sake of their education, for the sake of taxpayers and for the sake of a viable and sound future for America.

Fight Is On for Common Core Contracts

Testing Companies Jockey for a Growing Market, Protest States’ Bidding Process

By Caroline Porter, The Wall Street Journal

As states race to implement the Common Core academic standards, companies are fighting for a slice of the accompanying testing market, expected to be worth billions of dollars in coming years.

That jockeying has brought allegations of bid-rigging in one large pricing agreement involving 11 states—the latest hiccup as the math and reading standards are rolled out—while in roughly three dozen others, education companies are battling for contracts state by state.

Mississippi’s education board in September approved an emergency $8 million contract to Pearson PLC for tests aligned with Common Core, sidestepping the state’s contract-review board, which had found the transaction illegal because it failed to meet state rules regarding a single-source bid.

When Maryland officials were considering a roughly $60 million proposal to develop computerized testing for Common Core that month, state Comptroller Peter Franchot also objected that Pearson was the only bidder. “How are we ever going to know if taxpayers are getting a good deal if there is no competition?” the elected Democrat asked, before being outvoted by a state board in approving the contract.


Mississippi and Maryland are two of the states that banded together in 2010, intending to look for a testing-service provider together. The coalition of 11 states plus the District of Columbia hoped joining forces would result in a better product at a lower price, but observers elsewhere shared some of Mr. Franchot’s concerns.

The bidding process, which both states borrowed from a similar New Mexico contract, is now the subject of a lawsuit in that state by a Pearson competitor.

For decades, states essentially set their own academic standards, wrote their own curricula and designed their own tests. In a bid partly to help the U.S. education system keep up with overseas rivals, state leaders began working on shared benchmarks.

With financial and policy incentives from the Obama administration, 45 states and D.C. initially adopted Common Core. But the standards have faced pushback from some parents and conservatives who say they represent federal overreach. Two states have pulled out and are writing their own standards.

Still, most states are implementing Common Core and accompanying testing this year. The sheer size of that effort and this year’s deadline heighten the stakes and exacerbate the difficulty of hiring test suppliers.

“Winning the policy battle was not even half the battle,” said Michael McShane, a research fellow in education policy at the American Enterprise Institute, a conservative think tank, who is skeptical about Common Core. “It was more like 10%, and 90% of the battle is implementation.”

The $2.46 billion-a-year U.S. testing market is seeing more competition beyond the three traditional powers of Pearson, Houghton Mifflin Harcourt Co. and McGraw-Hill Education CTB, according to Simba Information, a market-research firm. While McGraw-Hill recently got a $72 million contract for assessment services with several states, midsize vendors such as AIR Assessment and Educational Testing Service are winning big states like Florida and California.

Amplify, the education subsidiary of News Corp, which owns The Wall Street Journal, also provides assessment products.

Some experts say legacy companies are best able to meet states’ demands and offer familiar relationships during this period of flux. At the same time, the move to new standards coincided with a switch to digital and online learning that has forced vendors to rethink their strategies.

Maryland’s contract with Pearson was built off the one in New Mexico, which took the lead in writing the bidding documents for a four-year, roughly $26 million contract that applied to that state. But other states in the coalition were meant to copy the contract and competition, meaning its full value could balloon to $1 billion.

In the spring, New Mexico field-tested new state exams. The state relied on Pearson for a piece of software that delivers the test. AIR Assessment, a rival company to Pearson, protested over the bidding process last year and filed a lawsuit in the Santa Fe First Judicial District this past spring alleging that only Pearson could fulfill the bid requirements.

This summer, Judge Sarah M. Singleton ruled that state administrators had to review AIR Assessment’s concerns. New Mexico officials subsequently found the concerns invalid.

AIR Assessment is appealing that finding and asking that New Mexico reopen the bidding process with new specifications for the next school year—potentially reopening the contracts in all 11 states and D.C. Judge Singleton could rule as soon as this month, according to Jon Cohen, president of AIR Assessment, a division of the American Institutes for Research, a not-for-profit organization.

“We just want a fair bid,” said Mr. Cohen, whose company recently won a $220 million contract to provide Common Core-related testing products over six years to Florida. A spokesman for New Mexico’s education department called AIR’s allegations “frivolous.” Pearson declined to comment on the suit.

“You’re seeing a whole ecosystem transform,” said Shilpi Niyogi, a Pearson official. “There’s new players and new innovation, and we’re constantly looking at the relationship between innovation and scale.”


Gruber-gate, the Gift that Keeps Giving

Jonathan Gruber should not be the villain. He is an expert on how to finesse government, and he made money doing it. The villains are ONLY the Democrat lawmakers and power brokers, as it was exclusively the Democrats who forced through the deal-making and cunning needed to pass the law known as the Affordable Care Act.

Several government agencies paid Gruber for his consulting, including the Department of Justice paying $1.7 million for his expert witness testimony. Then a handful of states paid Gruber for his services.

It is remarkable that it took so long for Gruber’s presentations and truths to bubble to the surface. The Democrats punked America, and the costs, running into the hundreds of millions, are still being tabulated. Gruber WAS NOT the only one to profit in this historic and epic conspiracy.


Grubergate shines spotlight on Obamacare profiteers

Remember when Nancy Pelosi declared that Obamacare was a jobs bill? “It’s about jobs,” Pelosi said in 2011, during a news conference to mark the first anniversary of passage of the Affordable Care Act. “Does it create jobs? Health insurance reform creates 4 million jobs.”

Like many other promises about Obamacare, that hasn’t worked out. But there is no doubt that Obamacare created a lot of work for at least one American — MIT professor Jonathan Gruber. Gruber’s frank admissions that he and others deceived the public about Obamacare have drawn a lot of attention in recent days. But the money that Gruber made from Obamacare raises yet another issue about his involvement in the project. Throughout 2009 and 2010, he energetically advocated a bill from which he stood to profit. And when it became law, the money rolled in.

In 2009, as Obamacare was moving its way through Senate committees, Gruber, who had achieved a measure of fame as the architect of Romneycare in Massachusetts, was a paid consultant to the Department of Health and Human Services. In March of that year, he received a contract for $95,000 to work on the project, and in June he received a second contract to continue that work; it was worth $297,600. Together, they comprise the “nearly $400,000” that critics have said Gruber received to work on Obamacare.

But after the bill became law, Gruber made a good deal more from it. The Affordable Care Act provided for states to set up exchanges to sell taxpayer-subsidized insurance coverage. For those states that chose to do so, exchanges would have to be built from the ground up. Studies would have to be done. Contracts would be let.

In 2010, the state of Wisconsin, under Democratic Gov. Jim Doyle, paid Gruber $400,000 to do a study of the impact of healthcare reform. By the time Gruber finished his report, Republican Scott Walker had been elected governor and wasn’t much interested in using Gruber’s study. “State officials did not invite Gruber to Wisconsin for the release of his study nor did they set up a conference call with him for reporters or even provide them with his contact information,” the Madison, Wis., Capital Times reported. “That is unusual for an important report like this, which cost $400,000.”

In the two years between March 2011 and March 2013, the state of Minnesota paid Gruber $329,000 to study how to make its exchange conform with Affordable Care Act requirements.

In 2012, the state of West Virginia signed a contract with Gruber to study its healthcare system. “The state will pay MIT professor Jonathan Gruber $121,500 to understand the state’s health insurance landscape and revisit key assumptions about state health care policy,” the Charleston Daily Mail reported in September of that year. “Gruber is a policy rock star of sorts. He’s advised more than a half dozen states on health care reform.”

In November 2011, the state of Vermont hired a consulting firm that used Gruber to study the state exchange. Gruber was paid at least $91,875 for his work.

In 2012, the state of Michigan included Gruber in a multi-firm, $481,050 contract to study its exchange system. It’s not clear how much of that went to Gruber himself.

The bottom line is that Obamacare has been very, very good to Jonathan Gruber. Now that he is in the news for other reasons, the public is also learning how much he profited from the bill he did so much to promote.

Of course others profited from Obamacare, too, and still are. Republican Mike Leavitt, a former governor of Utah and Mitt Romney adviser, has a consulting firm that has made millions off the exchanges. But Gruber’s recent admissions might put him in a special category. He is, by his own account, a man who intentionally deceived the public in order to pass a measure from which he stood to profit handsomely.

Obamacare architect Jonathan Gruber has billed federal and state governments at least $5.9 million for advice, as more videos surface showing him undercutting the landmark law

Four U.S. states and the federal government have padded Obamacare architect Jonathan Gruber’s wallet to the tune of $5.9 million since 2000, including millions connected to his work on the Affordable Care Act.

The Massachusetts Institute of Technology economist has been pilloried for collecting $392,600 from the Obama administration’s Health and Human Services Department while the law was being written, but that was just the tip of the iceberg.

Gruber’s consulting contracts give states and the feds access to a proprietary formula that can determine how changes in a health care system’s structure will affect costs.

The ‘Gruber Microsimulation Model’ is what he sold to the White House. It helped Obama’s team anticipate what the influential Congressional Budget Office (CBO) would say about various features of the final plan – and whether their costs would officially be considered ‘taxes.’

You MUST read more here; videos of Gruber-gate are included.


Refugee Status, Free of Charge

From the White House website: 

Creating an Immigration System for the 21st Century

Our nation’s immigration system is broken. Fixing it is an economic and national security imperative. That’s why President Obama is working to pass a common sense, comprehensive set of reforms that ensures everyone plays by the same rules.

Yeah, sure thing, White House. And then there is an associated video promoted by the White House:

In recent weeks Barack Obama has touted his assertion that he will proceed by executive action, using the full extent of his presidential power, in spite of Congress. Sure, there is a Senate bill that the House never took up, and there were many reasons for that, chief among them that it did not secure the border first to stop the illegal insurgency.

So the Obama 10-point plan that he threatens to sign before the end of the year includes:

The plan reportedly contains 10 initiatives that include everything from boosting border security to improving pay for immigration officers. The most controversial pertain to the millions who could get a deportation reprieve under what is known as “deferred action.”

Deferred action will include illegal immigrants who came to the U.S. as children, as well as parents of U.S. citizens and legal permanent residents. The latter could allow upwards of 4.5 million illegal immigrant adults with U.S.-born children to lawfully remain.

Senators who oppose deferred action say those who benefit from it will receive work authorization in the United States, Social Security numbers and government-issued IDs.

Sure to cause consternation among anti-“amnesty” lawmakers is a plan to expand deferred action for young people. Obama created such a program in June 2012 for illegal immigrants who came to the U.S. as children, entered before June 2007 and were under 31 as of June 2012. The change would expand that to cover anyone who entered before they were 16, and change the cut-off from June 2007 to January 1, 2010, making nearly 300,000 illegal immigrants eligible.

Immigration and Customs Enforcement officers also would see a pay raise in order to “increase morale” within the ICE workforce.

DHS also is planning to “promote” the new naturalization process by giving a 50 percent discount on the first 10,000 applicants who come forward, with the exception of those who have income levels above 200 percent of the poverty level.

Tech jobs through a State Department immigrant visa program would offer another half-million immigrants a path to citizenship, including their spouses as well.

Obama has vowed to act in the absence of congressional action and has claimed that congressional action could still supersede his executive steps.

Just in case you need to understand what is in process already, this is need-to-know, and it is chilling, as it is going on in the background right now.

WASHINGTON (AP) — The U.S. government will launch a program in December to grant refugee status to some people under the age of 21 who live in Guatemala, Honduras and El Salvador and whose parents legally reside in the United States.

U.S. officials say parents can ask authorities free of charge for refugee status for their children in the Central American countries, which are plagued by poverty and vicious gang violence. The program does not apply to minors who have arrived in the U.S. illegally.

Vice President Joe Biden announced the program Friday at the Inter-American Development Bank, where the presidents of the three Central American countries will present a plan to stem child migration from their countries.

U.S. officials said that children deemed refugees will be able to work immediately upon arrival in the U.S., opt for permanent residency the following year and for naturalization five years later. They did not say how long the process of receiving refugee status will take.

Central American children who meet the requirements will be part of a quota of 4,000 people from Latin America receiving refugee status each fiscal year, officials said. The U.S. quota of Latin America refugees currently consists of Cubans and Colombians.

Applicants who don’t meet the requirements will be evaluated to see if they can be admitted conditionally under a non-permanent migratory status that allows them to work temporarily in the U.S.

Biden’s announcement comes as President Barack Obama is poised to unveil a series of executive actions on immigration that will shield possibly around 5 million immigrants living in the country illegally from deportation, according to advocates in touch with the White House.

House Judiciary Committee Chairman Bob Goodlatte, R-Va., criticized the plan, which he described as “government-sanctioned border surge” if Obama acts as expected.

“The policy announced today could open Pandora’s box, allowing potentially even more people to come to the United States. This is bad policy and undermines the integrity of our immigration system,” Goodlatte said in a news release.

The program aims to be a legal and safe alternative to the long and dangerous journey some Central American children take north to reach the U.S. and to reunite with their parents in the U.S. Tens of thousands of unaccompanied child and teenage migrants showed up at the U.S. border earlier this year.

On Wednesday, Salvadoran Foreign Minister Hugo Martinez said the plan includes measures to stimulate economic growth, improve public safety, improve government agencies and provide better education and training opportunities.

Heritage Foundation has its own 10-point measure, and it makes a great deal of sense.

Consider this: how much does it really cost taxpayers, the economy, the government, the education system, healthcare and the culture to accommodate and financially support illegals? No study has been ordered for such a financial review, but whatever the figure is, it is far larger than the cost of actually going to Guatemala, Honduras and El Salvador and building infrastructure in those countries to keep people there, with great success. This is yet another area where USAID and State Department foreign affairs have failed.

In closing, President Reagan worked with Congress and Congress authorized amnesty, yet Barack Obama is NOT using Congress.


No Place Safe from CyberTerror

Can’t shop at Target. Can’t use your plastic at restaurants. Can’t use hotspots for internet access. Can’t buy medical coverage from Obamacare. Now, if you are an employee at any of many companies, your information is compromised. Now the United States Post Office has been hacked, and signs continue to point to China, while Russia is just as aggressive.

Postal Service reveals cyber breach


The Postal Service suffered a cybersecurity breach of its information systems and has launched an investigation into the attack that potentially compromised employee and customer personal information, including addresses, Social Security numbers and emails.

The Nov. 10 announcement of the attack, which was discovered in September, comes little more than a week after the White House reported it too had been the victim of hacking.

As in the White House breach, suspicion immediately fell on China, where President Barack Obama is now attending an economic summit and visiting with President Xi Jinping.

“This intrusion was similar to attacks being reported by many other federal government entities and U.S. corporations,” David Partenheimer, manager of media relations at USPS, said in a statement. “We are not aware of any evidence that any of the potentially compromised customer or employee information has been used to engage in any malicious activity.”

But a private sector analyst suggested employees should be on the lookout, nonetheless.

“Unfortunately, this breach is just the latest in a series of incidents that have targeted the U.S. government,” said Dan Waddell, director of government affairs at (ISC)2. “It seems this particular incident revealed information on individuals that could lead to targeted spear-phishing attacks towards USPS employees.”

“All of us need to be aware of potential phishing schemes,” Waddell added, “but in this particular case, USPS employees should be on the lookout for any suspicious email that would serve as a mechanism to extract additional information such as USPS intellectual property, credit card information and other types of sensitive data.”

Call center data submitted to the Postal Service Customer Care Center by customers via email or phone between Jan. 1 and Aug. 16, 2014, is thought to be compromised; that includes names, addresses, telephone numbers, email addresses and other information customers provided to the center. However, USPS officials said they do not believe customers who contacted the call center during that period need to take any action as a result of the incident.

USPS is working with the FBI, Justice Department and the U.S. Computer Emergency Readiness Team to investigate the breach.

USPS is also tapping the private sector and bringing in specialists in forensic investigations and data systems “to assist with the investigation and remediation to ensure that we are approaching this event in a comprehensive way, understanding the full implications of the cyber intrusion and putting in place safeguards designed to strengthen our systems,” according to an agency statement.

According to an April 2014 USPS Inspector General audit on the security of USPS’s wireless networks, “the Postal Service has effective security policies and controls that detect unauthorized access to its wireless network.”

The audit also found that USPS has continuous monitoring technology and procedures to ensure security of the wireless network in place, and that larger USPS facilities have dedicated access points configured for wireless intrusion detection.

As for the security of USPS’s stored data, the OIG found several weak spots in a March 2014 report.

“The Data Management Services group did not manage the storage environment in accordance with Postal Service security requirements because its managers did not provide adequate oversight of the storage teams,” the report said.

In the first half of 2014, more than 500 million commercial records have been compromised by hackers, and “this represents another example of the aggressive nature of nation-state adversaries looking for personally identifiable information for potential phishing attacks and other types of fraud — an area where information can be easily monetized,” said Edward Ferrara, principal analyst at Forrester. “This could also be an attempt to further probe aspects of the United States government’s cyber defenses in the unclassified areas of government operations.”

USPS has implemented additional security measures to improve the security of its information systems, which attracted attention this weekend, as some of USPS’s systems went offline. According to USPS, these additional security measures include equipment and system upgrades, as well as changes in employee procedures and policies to be rolled out in the coming days and weeks.

“It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” Postmaster General Patrick Donahoe said in a statement. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data.”

About the Author:

Colby Hochmuth is a staff writer covering big data, cloud computing and the federal workforce. Connect with her on Twitter: @ColbyAnn.

Dragonfly vs. America, Courtesy of Russia

Can you live without electricity for a day or two? Yes, of course, if you know in advance, right? Can you live without power for a week or so? Yes, of course, with advance notice, right? Can you live without power for a month, 4 months or 18 months? NOPE. It is time not only to think about preparations, but to get prepared and then to practice procedures for short-term and long-term power outages, and the reason is Russia.

There is a sad truth to what is below: the United States is not prepared, and what is worse, we are not declaring war to stop Russia either. Russia has hacked into U.S. government sites, hacked into corporate sites and hacked into the financial industry, all without so much as a whimper of a U.S. reply. We have no countermeasures, we have no offensive measures, and we have not even written a strongly worded letter.

Russia has gone to the dragons against America, well, actually to the Dragonflies, and this is what you need to know and do. Remember that the entire infrastructure is tied to SCADA; that includes water systems, transportation systems, hospitals, schools and retail.

Dragonfly: Western Energy Companies Under Sabotage Threat

Cyberespionage campaign stole information from targets and had the capability to launch sabotage operations.

An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries.

Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors. Its most ambitious attack campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This caused companies to install the malware when downloading software updates for computers running ICS equipment. These infections not only gave the attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers.

This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems. While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.

In addition to compromising ICS software, Dragonfly has used spam email campaigns and watering hole attacks to infect targeted organizations. The group has used two main malware tools: Backdoor.Oldrea and Trojan.Karagany. The former appears to be a custom piece of malware, either written by or for the attackers.

Prior to publication, Symantec notified affected victims and relevant national authorities, such as Computer Emergency Response Centers (CERTs) that handle and respond to Internet security incidents.

Background
The Dragonfly group, which is also known by other vendors as Energetic Bear, appears to have been in operation since at least 2011 and may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus mainly to US and European energy firms in early 2013.

The campaign against the European and American energy sector quickly expanded in scope. The group initially began sending malware in phishing emails to personnel in target firms. Later, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in energy in order to redirect them to websites hosting an exploit kit. The exploit kit in turn delivered malware to the victim’s computer. The third phase of the campaign was the Trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers.

Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability.

Analysis of the compilation timestamps on the malware used by the attackers indicates that the group mostly worked between Monday and Friday, with activity mainly concentrated in a nine-hour period that corresponded to a 9am to 6pm working day in the UTC +4 time zone. Based on this information, it is likely the attackers are based in Eastern Europe.
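The working-hours inference described above can be reproduced on any set of compile timestamps. The following is an added example, not Symantec's tooling or data: it takes a constructed list of Unix epoch compile times (generated in the block to mimic a 9-to-6, Monday-to-Friday operator in UTC+4, plus one off-hours outlier), tries every whole-hour UTC offset, and reports the offset under which the most samples fall inside a working week, along with hour and weekday histograms. The window bounds (9 and 18) and the sample generator are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

WORKDAY_START = 9   # inclusive local hour
WORKDAY_END = 18    # exclusive local hour


def make_sample_timestamps():
    """Constructed sample data (not real malware samples): Unix epoch compile
    times generated to mimic an operator working 09:00-17:59, Monday to
    Friday, in UTC+4, plus one Sunday 02:00 outlier of the kind real data has."""
    tz = timezone(timedelta(hours=4))
    start = datetime(2013, 3, 4, tzinfo=tz)  # 4 March 2013 is a Monday
    stamps = []
    for day in range(28):  # four calendar weeks
        d = start + timedelta(days=day)
        if d.weekday() >= 5:  # skip Saturday and Sunday
            continue
        for hour in (9, 11, 14, 17):
            stamps.append(int(d.replace(hour=hour, minute=30).timestamp()))
    stamps.append(int(datetime(2013, 3, 10, 2, 0, tzinfo=tz).timestamp()))
    return stamps


def _localize(stamp, utc_offset_hours):
    """Read an epoch timestamp as local time in a fixed whole-hour offset."""
    return datetime.fromtimestamp(stamp, timezone(timedelta(hours=utc_offset_hours)))


def hour_histogram(stamps, utc_offset_hours):
    """Number of samples per local hour (0-23) under the given offset."""
    return Counter(_localize(s, utc_offset_hours).hour for s in stamps)


def weekday_histogram(stamps, utc_offset_hours):
    """Number of samples per local weekday (0=Monday ... 6=Sunday)."""
    return Counter(_localize(s, utc_offset_hours).weekday() for s in stamps)


def working_hour_score(stamps, utc_offset_hours):
    """Fraction of samples that land on a weekday inside the working window
    when the timestamps are interpreted in the given UTC offset."""
    hits = 0
    for s in stamps:
        local = _localize(s, utc_offset_hours)
        if local.weekday() < 5 and WORKDAY_START <= local.hour < WORKDAY_END:
            hits += 1
    return hits / len(stamps)


def best_utc_offset(stamps):
    """Whole-hour offset in -12..+14 that puts the most samples inside a
    9-to-6 working week; ties go to the offset nearest UTC."""
    return max(range(-12, 15),
               key=lambda off: (working_hour_score(stamps, off), -abs(off)))


if __name__ == "__main__":
    data = make_sample_timestamps()
    off = best_utc_offset(data)
    print(f"best fit: UTC{off:+d} (score {working_hour_score(data, off):.2f})")
    print("by hour:", sorted(hour_histogram(data, off).items()))
    print("by weekday:", sorted(weekday_histogram(data, off).items()))
```

Run it and the constructed data resolves to UTC+4 with roughly 99% of samples inside the window. On real samples, treat the result as one corroborating indicator only: PE compile timestamps are written by the build toolchain and can be zeroed or forged, so a clean 9-to-6 pattern is suggestive of a working-hours operation but never proof of location.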

[Figure: Top 10 countries by active infections (where attackers stole information from infected computers)]

Tools employed
Dragonfly uses two main pieces of malware in its attacks. Both are remote access tool (RAT) type malware which provide the attackers with access and control of compromised computers. Dragonfly’s favored malware tool is Backdoor.Oldrea, which is also known as Havex or the Energetic Bear RAT. Oldrea acts as a back door for the attackers on to the victim’s computer, allowing them to extract data and install further malware.

Oldrea appears to be custom malware, either written by the group itself or created for it. This provides some indication of the capabilities and resources behind the Dragonfly group.

Once installed on a victim’s computer, Oldrea gathers system information, along with lists of files, programs installed, and root of available drives. It will also extract data from the computer’s Outlook address book and VPN configuration files. This data is then written to a temporary file in an encrypted format before being sent to a remote command-and-control (C&C) server controlled by the attackers.

The majority of C&C servers appear to be hosted on compromised servers running content management systems, indicating that the attackers may have used the same exploit to gain control of each server. Oldrea has a basic control panel which allows an authenticated user to download a compressed version of the stolen data for each particular victim.

The second main tool used by Dragonfly is Trojan.Karagany. Unlike Oldrea, Karagany was available on the underground market. The source code for version 1 of Karagany was leaked in 2010. Symantec believes that Dragonfly may have taken this source code and modified it for its own use. This version is detected by Symantec as Trojan.Karagany!gen1.

Karagany is capable of uploading stolen data, downloading new files, and running executable files on an infected computer. It is also capable of running additional plugins, such as tools for collecting passwords, taking screenshots, and cataloging documents on infected computers.

Symantec found that the majority of computers compromised by the attackers were infected with Oldrea. Karagany was only used in around 5 percent of infections. The two pieces of malware are similar in functionality and what prompts the attackers to choose one tool over another remains unknown.

Multiple attack vectors
The Dragonfly group has used at least three infection tactics against targets in the energy sector. The earliest method was an email campaign, which saw selected executives and senior employees in target companies receive emails containing a malicious PDF attachment. Infected emails had one of two subject lines: “The account” or “Settlement of delivery problem”. All of the emails were from a single Gmail address.

The spam campaign began in February 2013 and continued into June 2013. Symantec identified seven different organizations targeted in this campaign. The number of emails sent to each organization ranged from one to 84.

The attackers then shifted their focus to watering hole attacks, compromising a number of energy-related websites and injecting an iframe into each which redirected visitors to another compromised legitimate website hosting the Lightsout exploit kit. Lightsout exploits either Java or Internet Explorer in order to drop Oldrea or Karagany on the victim’s computer. The fact that the attackers compromised multiple legitimate websites for each stage of the operation is further evidence that the group has strong technical capabilities.

In September 2013, Dragonfly began using a new version of this exploit kit, known as the Hello exploit kit. The landing page for this kit contains JavaScript which fingerprints the system, identifying installed browser plugins. The victim is then redirected to a URL which in turn determines the best exploit to use based on the information collected.
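The watering-hole stage above turns on one change to a legitimate page: an injected iframe that sends visitors elsewhere. A site owner can watch for exactly that. The block below is an added example, not code from Symantec or from any affected site: it parses a page with the standard library, flags iframes that point off-site or are hidden (zero size or `display:none`, the usual way an injected redirect is kept out of view), and diffs the current page against a saved baseline so that a newly appeared iframe stands out even if it looks innocuous. The sample HTML, the host names and the baseline are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def _is_hidden(attrs):
    """True when the iframe is styled or sized so a visitor would not see it."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    width = (attrs.get("width") or "").strip()
    height = (attrs.get("height") or "").strip()
    return width in ("0", "0px") or height in ("0", "0px")


def find_suspicious_iframes(html, site_host):
    """Return iframes that are off-site, hidden, or both.

    A relative src (no host) is treated as same-origin with site_host."""
    parser = _IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname or site_host
        off_site = host != site_host
        hidden = _is_hidden(attrs)
        if off_site or hidden:
            findings.append({"src": src, "host": host,
                             "off_site": off_site, "hidden": hidden})
    return findings


def new_iframes_since(baseline_html, current_html):
    """src values of iframes present now that were absent from the baseline."""
    before, now = _IframeCollector(), _IframeCollector()
    before.feed(baseline_html)
    now.feed(current_html)
    seen = {a.get("src") for a in before.iframes}
    return [a.get("src") for a in now.iframes if a.get("src") not in seen]


# Constructed sample pages: the baseline as published, and the same page
# after a hidden off-site iframe has been injected.
SITE_HOST = "energy-news.example"
BASELINE_PAGE = """<html><body>
<h1>Grid operations weekly</h1>
<iframe src="/videos/embed/42" width="640" height="360"></iframe>
</body></html>"""
INJECTED_PAGE = BASELINE_PAGE.replace(
    "</body>",
    '<iframe src="http://compromised-site.example/landing.php" '
    'width="0" height="0" style="display:none"></iframe>\n</body>')


if __name__ == "__main__":
    for f in find_suspicious_iframes(INJECTED_PAGE, SITE_HOST):
        print("suspicious:", f)
    print("new since baseline:", new_iframes_since(BASELINE_PAGE, INJECTED_PAGE))
```

The baseline comparison is the more reliable of the two checks: an attacker who injects a visible, same-origin-looking iframe defeats the heuristics but not the diff, provided the baseline was captured from a trusted copy of the page rather than from the live server after the compromise.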

Trojanized software
The most ambitious attack vector used by Dragonfly was the compromise of a number of legitimate software packages. Three different ICS equipment providers were targeted and malware was inserted into the software bundles they had made available for download on their websites. All three companies made equipment that is used in a number of industrial sectors, including energy.

The first identified Trojanized software was a product used to provide VPN access to programmable logic controller (PLC) type devices. The vendor discovered the attack shortly after it was mounted, but there had already been 250 unique downloads of the compromised software.

The second company to be compromised was a European manufacturer of specialist PLC type devices. In this instance, a software package containing a driver for one of its devices was compromised. Symantec estimates that the Trojanized software was available for download for at least six weeks in June and July 2013.

The third firm attacked was a European company which develops systems to manage wind turbines, biogas plants, and other energy infrastructure. Symantec believes that compromised software may have been available for download for approximately ten days in April 2014.

The Dragonfly group is technically adept and able to think strategically. Given the size of some of its targets, the group found a “soft underbelly” by compromising their suppliers, which are invariably smaller, less protected companies.
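The Trojanized-download vector above works because operators install whatever the vendor's website serves. The defence on the receiving side is to verify each download against integrity data that does not live on the same web server, since an attacker who can replace the installer can replace a hash list sitting beside it. The block below is an added example, not code from Symantec or from any of the vendors mentioned: it verifies a downloaded package against a signed manifest, where the manifest's signature is checked with a key pinned on the client. The vendor key, package bytes and file name are constructed, and an HMAC stands in for the asymmetric signature (Authenticode, GPG) a real vendor would use; the structure of the check is the same.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the vendor's signing key, pinned on the client.
# A real deployment pins the vendor's public key and verifies an asymmetric
# signature; HMAC is used here only so the example is self-contained.
VENDOR_KEY = b"constructed-vendor-signing-key"

# Constructed package contents: the genuine installer and a tampered copy.
GOOD_PACKAGE = b"ICS VPN client installer, build 1.0 (constructed sample)"
TAMPERED_PACKAGE = GOOD_PACKAGE + b"\x00<constructed extra payload>"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _canonical(entries):
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(entries, key):
    """Vendor side: sign a {filename: sha256} map."""
    sig = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "sig": sig}


def manifest_signature_valid(manifest, key):
    """Client side: check the manifest was signed with the pinned key."""
    expected = hmac.new(key, _canonical(manifest["entries"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest.get("sig", ""))


def verify_download(filename, data, manifest, key):
    """Return (ok, reason) for a downloaded file.

    Order matters: an unsigned or re-signed manifest is rejected before any
    hash in it is trusted, so a compromised download site cannot simply
    publish hashes that match its Trojanized files."""
    if not manifest_signature_valid(manifest, key):
        return False, "manifest signature invalid"
    expected = manifest["entries"].get(filename)
    if expected is None:
        return False, "file not listed in manifest"
    if not hmac.compare_digest(sha256_hex(data), expected):
        return False, "hash mismatch"
    return True, "ok"


# The manifest the vendor would publish out of band (constructed here).
VENDOR_MANIFEST = sign_manifest(
    {"vpn_client_setup.exe": sha256_hex(GOOD_PACKAGE)}, VENDOR_KEY)

# What an attacker controlling only the download site could offer: hashes
# matching the tampered file, signed with a key that is not the vendor's.
FORGED_MANIFEST = sign_manifest(
    {"vpn_client_setup.exe": sha256_hex(TAMPERED_PACKAGE)}, b"attacker-key")


if __name__ == "__main__":
    cases = [
        ("genuine", GOOD_PACKAGE, VENDOR_MANIFEST),
        ("tampered, vendor manifest", TAMPERED_PACKAGE, VENDOR_MANIFEST),
        ("tampered, forged manifest", TAMPERED_PACKAGE, FORGED_MANIFEST),
    ]
    for label, data, manifest in cases:
        print(label, "->", verify_download("vpn_client_setup.exe", data, manifest, VENDOR_KEY))
```

The third case is the one that matters for the supply-chain scenario on this page: hashes alone would have passed the tampered build, and only the pinned key catches the swap. Operators should also keep the verified hash of the last installed build so that a new download whose hash changed without a corresponding version bump is flagged for review before it reaches an ICS host.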

Two additional links are below for more information and key use.

http://energy.gov/sites/prod/files/Large%20Power%20Transformer%20Study%20-%20June%202012_0.pdf

http://www.fgdc.gov/usng/