Iran’s Nuke Program Clone in Oak Ridge

We know with near precision where every phase of Iran’s nuclear program stands. How, you ask? We have better scientists than Iran does and have been advancing these technologies for far longer. In fact, the United States has a clone operation located in Oak Ridge. This makes the P5+1 negotiations, with John Kerry in the lead, all the more…well, stupid and frankly…reckless.

Primer:

ORNL plays an important role in national and global security by virtue of its expertise in advanced materials, nuclear science, supercomputing and other scientific specialties. Discovery and innovation in these areas are essential for protecting US citizens and advancing national and global security priorities. ORNL supports these missions by using its signature strengths to meet complex national security challenges in a number of areas.

Nuclear Nonproliferation – The laboratory’s expertise and experience covers the spectrum of nuclear nonproliferation work, from basic R&D to “boots-on-the-ground” implementation. This work ranges from uranium fuel cycle research to detection technologies and nuclear forensics. ORNL’s non-proliferation activities include developing, coordinating and helping to implement policies designed to reduce threats from a variety of sources, including nuclear weapons and “dirty bombs.”

National Defense – ORNL works with the US Department of Defense to respond to global challenges by developing and delivering advanced technologies in areas such as special materials; information management, synthesis and analysis; advanced sensor technology; energy efficiency technologies; early warning systems for chemical and biological threats; and unmanned air, ground and sea systems.

Then there is Argonne National Laboratory near Chicago where scientists have been at the forefront of nuclear reactor technology since the lab’s founding in 1946 as the home of the world’s first reactors. Groundbreaking research performed at the lab over the following decades led to the creation of the current generation of American nuclear reactors.

Checks and Balances for negotiations:

In Atomic Labs Across U.S., a Race to Stop Iran

WASHINGTON — When diplomats at the Iran talks in Switzerland pummeled Department of Energy scientists with difficult technical questions — like how to keep Iran’s nuclear plants open but ensure that the country was still a year away from building a bomb — the scientists at times turned to a secret replica of Iran’s nuclear facilities built deep in the forests of Tennessee.

There inside a gleaming plant at the Oak Ridge nuclear reservation were giant centrifuges — some surrendered more than a decade ago by Libya, others built since — that helped the scientists come up with what they told President Obama were the “best reasonable” estimates of Iran’s real-life ability to race for a weapon under different scenarios.

“We know a lot more about Iranian centrifuges than we would otherwise,” said a senior nuclear specialist familiar with the forested site and its covert operations.

The classified replica is but one part of an extensive crash program within the nation’s nine atomic laboratories — Oak Ridge, Los Alamos and Livermore among them — to block Iran’s nuclear progress. As the next round of talks begins on Wednesday in Vienna, the secretive effort remains a technological obsession for thousands of lab employees living the Manhattan Project in reverse. Instead of building a bomb, as their predecessors did in a race to end World War II, they are trying to stop one.

Ernest J. Moniz, the nuclear scientist and secretary of energy, who oversees the atomic labs, said in an interview that as the Obama administration sought technical solutions at the talks, diplomats would have been stumbling in the dark “if we didn’t have this capability nurtured over many decades.” Although Mr. Moniz would not discuss the secret plant at Oak Ridge, parts of which date to the American and Israeli program to launch cyberattacks on Iran’s Natanz enrichment plant, he said more generally that the atomic labs give the United States “the capacity to carry through” in one of the most complex arms-control efforts in history.


It has also changed the labs. In the bomb-making days, the scientists largely kept to their well-guarded posts. But anyone traveling to the Iran talks over the past year and a half in Vienna and Lausanne, Switzerland, saw the Energy Department experts working hard as the negotiations proceeded, and heading out to dinner after long days of talks.

It was over one of those dinners in Vienna last summer that several of the experts began wondering how they might find a face-saving way for Iran to convert its deep-underground enrichment plant at Fordo, a covert site exposed by the United States five years ago, into a research center. That would enable Iran to say the site was still open, and the United States could declare it was no longer a threat.

“The question was what kind of experiment you can do deep underground,” recalled a participant in the dinner. By the time coffee came around, the kernel of an idea had developed, and it subsequently became a central part of the understanding with Iran that Secretary of State John Kerry and Mr. Moniz announced this month. Under the preliminary accord, Fordo would become a research center, but not for any element that could potentially be used in nuclear weapons.


Sometimes, during negotiations in Switzerland, a member of the scientific team would dump a bowl of chocolates on the table and rearrange them to show the Iranians how a proposed site rearrangement might work. “It was a visual way,” an official said, “to get past the language barrier.”

But much of the work was done back at the labs, where specialists who had become accustomed to more 9-to-5 days found themselves on call seven days a week, around the clock, answering questions from negotiators and, at times, backing up the answers with calculations and computer modeling.

A senior official of the National Nuclear Security Administration, Kevin Veal, who has been along for every negotiating session, would send questions back to the laboratories, hoping to separate good ideas from bad. “It’s what our people love to do,” said Thom Mason, the director of Oak Ridge National Laboratory. “It can be very rewarding.”

Given the stakes in the sensitive negotiations, the labs would check and recheck one another, making sure the answers held up. The natural rivalries among the labs sometimes worked to the negotiators’ advantage: Los Alamos National Laboratory, in the mountains of New Mexico, the birthplace of the bomb, was happy to find flaws in calculations done elsewhere, and vice versa.

“A lot of what we did was behind the scenes,” said Charles F. McMillan, the Los Alamos director.

A prime target of the effort was redesigning Iran’s still-under-construction nuclear reactor at Arak, a sprawling complex ringed by antiaircraft guns. The question was how to prevent the reactor from producing weapons-grade plutonium, a main fuel of atom bombs. Iran insisted the reactor was being built to produce medical isotopes for disease therapy.

Last year, when the Iranians proposed a way to redesign Arak, the job of assessing the plans fell to Argonne National Laboratory outside Chicago, one of the world’s most experienced developers of nuclear reactors.

The lab refined the Iranian idea, making sure Arak’s new fuel core would produce no pure bomb-grade plutonium. Eventually, the Iranians signed on. It is one of the few elements of the provisional nuclear deal between Iran, the United States and five other world powers that looks like a permanent fix because in order to produce weapons fuel, the whole reactor would have to undergo an obvious overhaul.

In lauding the deal announced early this month, Mr. Moniz put the redesign of Arak at the top of the achievements list, saying it “shuts down the plutonium pathway.”

At other times, scientists were on tight deadlines to come up with solutions.

Late last year, a computer scientist at Lawrence Livermore National Laboratory in California was traveling by train to visit his children when a call came in that his team had to immediately reassess Natanz, Iran’s main enrichment plant. There, in a vast underground bunker, mazes of centrifuges spin around the clock to purify uranium, another bomb fuel.

The question was whether a proposed design of Natanz that allowed more than 6,000 centrifuges to spin would still accomplish the administration’s goal of keeping Iran at least a year away from acquiring enough enriched uranium to make a bomb. The answer was yes.

William H. Goldstein, the director of the Livermore lab, said the required turnaround for answers “was hours in some cases.”

Fordo, the most troubling of Iran’s many nuclear sites, was another major challenge. The enrichment complex there is buried so far under a mountain that Israel fears it could not wipe out the site and its nearly 3,000 centrifuges with airstrikes. The United States has only one bunker-busting weapon that might accomplish the job.

Over the dinner last summer in Vienna, the scientists and American negotiators discussed how to turn the mountain fortress into a peaceful research center.

The answer lay in the deep-underground nature of the site, which made it excellent for an observatory to track invisible rays from cosmic explosions, opening a new window onto the universe. (The rocky strata of the site would filter out extraneous signals.) Another idea was to use the installed centrifuges for purifying rare forms of elements used in medicine rather than for uranium.

In early March, Oak Ridge in Tennessee got a call from the negotiators. They needed to learn more about the idea of purifying elements, to make sure that it was possible and that the equipment left in the mountain could not be easily turned to producing nuclear fuel.

An Oak Ridge team went into action, working Friday night into Saturday. That afternoon, Mr. Mason, the Oak Ridge director, was able to send a report to Washington, which was then delivered to Mr. Moniz.

“The answer was ‘yes,’ ” Mr. Mason said. “It was feasible.”

In the interview, Mr. Moniz said he spoke to his lab directors last week and asked them to think hard about other uses for the Fordo complex, an issue that will be on the table when negotiators resume their talks this week.

The world of science, Mr. Moniz said, has lots of peaceful projects that would help move the mountainous fortress off the pathway to atomic bombs.

“We’re going to be thinking,” he said, “about other directions.” The question is whether, in the last weeks of the negotiations, the Iranians will go along.

There is Spying, Espionage and Stupidity

The Virginia-based cyber security firm Mandiant recently released a report detailing one source of persistent cyber attacks, the Chinese People’s Liberation Army. Mandiant estimates that since 2006, a single Chinese army cyberattack unit has compromised “141 companies spanning 20 major industries, from information technology and telecommunications to aerospace and energy,” using a “well-defined attack methodology, honed over years and designed to steal large volumes of valuable intellectual property.”

Mandiant explains that once these hackers have infiltrated an organization’s system, they “periodically revisit the victim’s network … and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists”. On average, access to a victimized network is maintained for nearly a year.

Now for the Chinese human operatives….

State Dept. contractor allegedly paid by Chinese agent to spy on Americans – yet no charges filed 

Newly unsealed court documents obtained by Fox News show a State Department contractor allegedly was paid thousands by an individual thought to be a Chinese agent in exchange for information on Americans — but despite an FBI probe, the Justice Department declined to prosecute.

A November 2014 FBI affidavit, filed in the U.S. District Court for the District of Maryland, shows the bureau investigated the contractor for her admitted contact with individuals she believed to be Chinese intelligence officers.

The affidavit from agent Timothy S. Pappa states the translator, Xiaoming Gao, was paid “thousands of dollars to provide information on U.S. persons and a U.S. government employee.”

According to the documents, she admitted these meetings took place in hotel rooms in China for years, where she reported on her “social contacts” in the U.S. to an individual who went by the name of “Teacher Zhao.”

The detailed affidavit even goes on to say the translator briefly lived, “for free,” with a State Department employee — who held a top-secret clearance and designed high-security embassies, including the U.S. compound in Islamabad, Pakistan.

The State Department employee, who was not named, initially told the FBI he didn’t discuss his job with Gao, but later changed his statement.

According to the documents, Gao also told the FBI — during interviews in 2013 — that she once told “Teacher Zhao” about the travel plans of an American and ethnic Tibetan. This person told the FBI he ended up being interrogated by Chinese intelligence officers during a trip to Tibet, and a member of his family was imprisoned.

Yet the U.S. attorney’s office in Washington, D.C., which oversaw the case, recently declined to prosecute, allowing the documents to be unsealed. The office offered no further comment. The FBI also is saying nothing beyond the court documents that were filed to search a storage unit in suburban Washington, D.C.

On its face, a former senior Justice Department official said the decision not to prosecute is perplexing, because the case was unlikely to reveal investigative sources and methods.

“It’s not clear to me, based on the court files that were unsealed, how a prosecution of this person could possibly have compromised U.S. intelligence gathering,” Thomas Dupree, former deputy assistant attorney general under the George W. Bush administration, told Fox News. “If it jeopardizes or threatens to disrupt relations with another country, so be it. That you have to draw the line somewhere, and that we need to send a message that this sort of conduct and activity simply will not be tolerated.”

The State Department confirmed Xiaoming Gao worked for the Office of Language Services over a four-year period beginning in June 2010. This would have covered the tenures of former Secretary of State Hillary Clinton and sitting Secretary John Kerry.

“She was employed as a contract interpreter until February 2014, is not employed here anymore. And so any additional questions on this, I’d refer you to the FBI,” spokeswoman Marie Harf said.

When told the FBI was referring Fox News’ questions back to State, Harf responded: “I’m referring you back to them.”

The documents do not fully explain Gao’s side of the story.

Emails and phone calls to the consulting firm, which the translator listed on the web as her employer, have gone unanswered. Fox News extended an invitation to discuss the allegations. No attorney of record was filed with the court.


The Cyber-Threats to SCADA Increasing

Dell has reached out to this site with updated/corrected links for the item below:

Please refer to https://www.quest.com and https://www.quest.com/solutions/network-security/

What is SCADA? A computerized system used to control national infrastructure, including water, power grids, transportation and supply chains.

In 2012:

The last “INTERNET SECURITY THREAT REPORT” published by Symantec reports that in 2012 there were eighty-five public SCADA vulnerabilities, a massive decrease from the 129 vulnerabilities in 2011. Since the emergence of the Stuxnet worm in 2010, SCADA systems have attracted more attention from security researchers.

Today, in 2015, the picture is significantly more chilling.


A recent report published by Dell revealed a 100 percent increase in the number of attacks on industrial control (SCADA) systems.

The new Dell Annual Threat Report revealed that the number of attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014 compared with the previous year. Unfortunately, the majority of incidents involving SCADA systems are not reported. The experts confirmed that in the majority of cases the APT attacks are politically motivated.

“Attacks against SCADA systems are on the rise, and tend to be political in nature as they target operational capabilities within power plants, factories, and refineries,” the researchers explained. “We saw worldwide SCADA attacks increase from 91,676 in January 2012 to 163,228 in January 2013, and 675,186 in January 2014.”

The countries with the greatest number of attacks are Finland, the United Kingdom, and the United States, where Internet-connected SCADA systems are widespread.

“In 2014, Dell saw 202,322 SCADA attacks in Finland, 69,656 in the UK, and 51,258 in the US,” the report continues.

The experts noticed that buffer overflow is the SCADA vulnerability most exploited by attackers (25%); other key attack methods are improper input validation (9%) and information exposure (9%).

[Figure: SCADA attack methods, from the Dell report]


Security experts expect the number of attacks to keep increasing in the coming years.

“This lack of information sharing combined with the vulnerability of industrial machinery due to its advanced age means that we can likely expect more SCADA attacks to occur in the coming months and years,” states the report.


The data published by Dell are aligned with the findings of a report recently published by ICS-CERT. The CERT responded to 245 incidents in Fiscal Year 2014, and more than half of the incidents reported by asset owners and industry partners involved sophisticated APT activity.

Let’s close with the suggestions provided by Dell’s experts for protecting SCADA systems from attacks:

  • Make sure all software and systems are up to date. Too often with industrial companies, systems that are not used every day remain installed and untouched as long as they are not actively causing problems. However, should an employee one day connect that system to the Internet, it could become a threat vector for SCADA attacks.
  • Make sure your network only allows connections with approved IPs.
  • Follow operational best practices for limiting exposure, such as restricting USB ports if they aren’t necessary and ensuring Bluetooth is disabled.
  • In addition, reporting and sharing information about SCADA attacks can help ensure the industrial community as a whole is appropriately aware of emerging threats.

Iranian Hackers Eye U.S. Grid

Cyber-savvy agents are stepping up their efforts to ID critical infrastructure that may compromise national security.

Iranian hackers are trying to identify computer systems that control infrastructure in the United States, such as the electrical grid, presumably with an eye towards damaging those systems, according to a new report from a cyber security firm and a think tank in Washington, D.C.

The researchers from Norse, a cyber security company, and the American Enterprise Institute, a conservative think tank that has been skeptical of the Iranian nuclear agreement, found that Iranian hacking against the U.S. is increasing and that the lifting of economic sanctions as part of an international agreement over Iran’s nuclear program “will dramatically increase the resources Iran can put toward expanding its cyberattack infrastructure.”

What’s more, the current sanctions regime, which has helped to depress Iran’s economy, has not blunted the expansion of its cyber spying and warfare capabilities, the researchers conclude.

The technical data underlying the report’s conclusions, while voluminous, aren’t definitive, and they don’t answer a central question of whether Iran intends to attack the U.S. Using data collected from a network of Norse “sensors” around the world made to look like vulnerable computers, the researchers tracked what they say is a dramatic escalation in spying and attacks on the U.S. from hackers in Iran, including within the Iranian military. The researchers also traced hacking back to a technical university in Iran, as well as other institutions either run or heavily influenced by the Iranian regime.

“Iran is emerging as a significant cyber threat to the U.S. and its allies,” the report’s authors say. “The size and sophistication of the nation’s hacking capabilities have grown markedly over the last few years, and Iran has already penetrated well-defended networks in the U.S. and Saudi Arabia and seized and destroyed sensitive data.”

That assessment tracks with the view of U.S. intelligence officials, who’ve been alarmed by how quickly Iran has developed the capability to wreak havoc in cyberspace. In 2012, officials say that Iranian hackers were responsible for erasing information from 30,000 computers at Saudi Aramco, the state-owned oil and gas production facility, as well as a denial-of-service attack that forced the websites of major U.S. banks to shut down under a deluge of electronic traffic. Earlier this year, Director of National Intelligence James Clapper said that Iran was responsible for an attack on the Sands casino company in 2014, in which intruders stole and destroyed data from the company’s computers.

The Norse and AEI researchers found that Iran’s cyber capabilities, which U.S. officials and experts say have been growing rapidly since around 2009, have accelerated in the past year. Attacks launched from Iranian Internet addresses rose 128 percent between January 2013 and mid-March 2015, the researchers found. And the number of individual Norse sensors “hit” by Iranian Internet addresses increased 229 percent. All told, the researchers conclude that hackers using Iranian Internet addresses have “expended their attack infrastructure more than fivefold over the course of just 13 months.”

There’s little debate among U.S. officials and experts that Iran poses a credible and growing danger online. But the technical data underlying Norse and AEI’s conclusions came into question when the report was released on Thursday.

The researchers relied on “scans” of Norse sensors that may indicate some interest by an Iranian hacker, but don’t prove his intent or that he was planning to damage a particular computer.


“They talk about ‘attacks,’ but what they really mean are ‘scans,’” which is more ambiguous, Robert M. Lee, a PhD candidate at King’s College London who is researching industrial control systems, told The Daily Beast. Industrial control systems are the computers that help run critical infrastructure.

Essentially, Iranian hackers are casing a neighborhood, but that doesn’t necessarily mean they’re going to rob houses. Lee, who is also an active duty Air Force cyber warfare operations officer, said he agreed with the report’s assessment that Iran is building up its cyber forces and poses a threat. But the underlying technical data in the report doesn’t directly support that claim, he said. “They reached the right conclusions but for the wrong reasons,” Lee said.

The researchers didn’t find that Iran had successfully penetrated any industrial control systems and caused machinery to break down.

While the report concludes that Iran will use the sanctions relief to fuel its growing cyber warfare program, other researchers have suggested that Iran is likely to back off its most aggressive operations—like those against the Saudi oil company and U.S. banks—and will instead focus on cyber espionage that doesn’t cause physical damage.

“They’ll be far more targeted and careful,” Stuart McClure, the CEO and president of cybersecurity company Cylance, told The Daily Beast in a recent interview. Since the U.S. and its international partners reached a tentative agreement with Iran on its nuclear program earlier this month, Cylance hasn’t tracked any attacks by an Iranian hacker group that it has been monitoring and documented in an earlier report (PDF).

But Norse’s conclusions are generally supported by Cylance’s research, which found that Iran had actually penetrated systems controlling a range of critical infrastructure in the U.S., including oil and gas, energy and utilities, transportation, airlines, airports, hospitals, telecommunications, and aerospace companies. The company’s report on those intrusions, which it said was based on two years of research, also didn’t attribute any failures of critical infrastructure to those Iranian intrusions.

“A lot of the work [the Iranians] were doing was quite sloppy, almost to the point that they wanted to get caught,” McClure said. He speculated that the Iranians may have been trying to send a signal to the U.S. and their partners in the nuclear negotiations that they were capable of inflicting harm if they didn’t get a favorable deal. “Coming to the table and knowing your adversary is in your house influences the negotiation.”

Iran still has a way to go to join the ranks of the cyber superpowers. Its “cyberwarfare capabilities do not yet seem to rival those of Russia in skill, or of China in scale,” the Norse and AEI report finds. There is still a relatively small community of high-end hackers in the country, and the regime hasn’t been able to build as robust a tech infrastructure for launching attacks as other nations whose capabilities are more advanced, the researchers found.

The report identifies the Iranian government as responsible for the malicious activity, concluding that the traffic originated from organizations “controlled or influenced by the government” or moved over equipment that is known to be monitored and manipulated by Iran’s security services.

That claim is also likely to raise objection from technical experts, who generally demand more precise evidence to attribute a cyber operation to a specific actor.

“We are emphatically not suggesting that all malicious traffic emanating from Iran is government initiated or government-approved,” the researchers said. However, they argue “that the typical standards of proof for attributing malicious traffic to a specific source are unnecessarily high” in this case, given that so much of the traffic they observed traversed systems either owned, controlled, or spied on by the Iranian government.

That’s ironic: Earlier this year, when Obama administration officials declared publicly that North Korea was responsible for hacking Sony Pictures Entertainment, Norse was one of the most prominent skeptics, arguing that the government was relying on imprecise technical data and leaping to conclusions.

Norse said its own research suggested that a group of six individuals, including at least one disgruntled ex-Sony employee, was behind the assault, which humiliated Sony executives and led to threats of terrorist attacks over the release of The Interview.

But that theory was undermined in January when FBI Director James Comey took the unusual step of publicly declassifying information that, he said, definitively linked North Korea to the attack. Current and former U.S. intelligence officials also told The Daily Beast that they’d been tracking the hackers behind the Sony operation long before it was ever launched.

Who is hosting the Hacker’s Servers?

State report reveal 130 compromised websites used in travel-related watering hole attacks

By Bill Gertz

One hundred thirty websites are hosting malicious software on their websites in what the State Department is calling a sophisticated Russian cyber spying operation, according to security analysts.
“These websites include news services, foreign embassies and local businesses that were compromised by threat actors to serve as ‘watering holes,’” according to a report by the Overseas Security Advisory Council distributed this week. A watering hole is a hijacked website used by cyber attackers to deliver malware to unsuspecting victims.
“For example, users may navigate to one of these malicious sites with the intent of checking travel requirements or the status of a visa application and unknowingly download the embedded malware onto their computers,” the report said.
The report identified the locations of the compromised websites as the United States, South America, Europe, Asia, India and Australia.
The report appears to indicate Russian intelligence may be behind the operations. Also, none of the compromised websites are in China, an indication that Beijing’s hackers could be involved.
A total of 15 of the 130 websites used for watering holes were government embassy websites located in Washington, DC, and two were involved in passport and visa services and others are offering travel services.
The embassy targeting suggests some or all of the operations are linked to foreign intelligence services that are breaking into the networks as part of tracking and monitoring of foreign travel.
Another possibility is that the operation are part of information warfare efforts designed to influence policies and publics. Both Russia and China are engaged in significant strategic information operations targeting foreign governments and the private sector.
“The threat actors are likely attempting to gather information from entities with vested interests in international operations,” the report said. “Identified victims in this sector include embassies, defense industrial base groups, and think tanks.”
The report, based on data provided by the security firm iSight Partners, says the watering holes are likely part of cyber espionage operations.
“Analysis indicates this campaign has a global reach, continuing to target users of identified intelligence value long after the initial infection,” the report says.
The compromised websites are increasingly functioning as indirect malicious software attack tools. The compromised sites represent a different method than widely used spear phishing – the use of emails to trigger malicious software downloads.
“Rather than send a malicious email directly to a target of interest, threat actors research and compromise a high-traffic website that will likely be visited by numerous targets of interest,” the report said.
“Watering holes are effective, as they often exploit existing vulnerabilities on a user’s machine,” the report said. More sophisticated threat actors have been observed employing zero-day exploits – those which are previously unknown and evade antivirus and intrusion detection systems (IDS) to successfully compromise victims. Zero-days were used in the widely publicized Forbes.com watering hole in late 2014.”
The hijacked websites appear to be part of a campaign spanning 26 upper-level Internet domains and include affiliations with 21 nations and the European Union.
According to iSight, evidence suggests the campaign is “likely tied to cyber espionage operations with a nexus to the Russian Federation.”
The compromised government websites included those from Afghanistan, Iraq, Jordan, Namibia, Qatar and Zambia. The report recommended not visiting any of those embassy websites or risk being infected with malware.
Technically, the attackers arranged for computer users who visited the compromised websites to be infected with an embedded JavaScript that redirected users to a Google-shortened URL, and then on to websites that mapped their computer systems. This “profiling” is used by cyber spies to identify valuable targets and to control which specific victims are injected with a malware payload.
The profiling is used to identify targets that will produce “high intelligence value” returns, indicating sophisticated cyber spies are involved. The infection also employed a technique called “evercookie,” a derivative of the small files that are inserted on computers and can be used by remote servers to tailor information, such as advertisements, to a specific user.
While normal cookies can be easily removed, evercookies store data in multiple locations, a method that makes them extremely difficult to find and remove. The use of evercookies also permits long-term exploitation by cyber attackers.
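The point about evercookies being hard to remove is that the same identifier is copied into several storage areas and any surviving copy respawns the rest. The following is an added example (not from the OSAC report or the article) of how a defender can audit a browser-storage snapshot for that pattern: it looks for opaque identifier values that recur across several storage areas and then purges every copy at once. The snapshot, the storage-area names and the identifier value are constructed assumptions for illustration.

```python
"""Audit a browser-storage snapshot for identifiers that recur across
multiple storage areas, the hallmark of an evercookie-style persistent
identifier. The snapshot below is constructed sample data, not real
browser state; the storage-area names and values are assumptions."""
import re
from collections import defaultdict

# Constructed snapshot: storage area -> {key: value}. Real tooling would
# read these from the browser profile on disk (cookie DB, localStorage,
# cache entries, etc.); here they are embedded so the audit runs offline.
SNAPSHOT = {
    "http_cookie": {"sessionid": "k3j2h4g5", "evercookie_cache": "8f14e45fceea167a"},
    "localStorage": {"theme": "dark", "evercookie_cache": "8f14e45fceea167a"},
    "sessionStorage": {"evercookie_cache": "8f14e45fceea167a"},
    "indexedDB": {"prefs": "{}", "evercookie_cache": "8f14e45fceea167a"},
    "flash_lso": {"evercookie_cache": "8f14e45fceea167a"},
    "etag_cache": {"/img/pixel.png": "8f14e45fceea167a"},
    "history": {},  # constructed: nothing stored here in this sample
}

# Opaque hex or base64-like strings are candidate tracking identifiers;
# short readable values such as "dark" or "{}" are not.
TOKEN_RE = re.compile(r"^[0-9a-f]{8,}$|^[A-Za-z0-9+/=]{12,}$")


def looks_like_identifier(value):
    return bool(TOKEN_RE.match(value))


def find_respawning_identifiers(snapshot, min_areas=3):
    """Return {value: sorted list of (area, key)} for identifier-like values
    stored in at least min_areas distinct storage areas. Matching is on the
    value, not the key, because a respawning identifier is written under
    whatever key or path each mechanism allows (e.g. an ETag keyed by URL)."""
    locations = defaultdict(list)
    for area, entries in snapshot.items():
        for key, value in entries.items():
            if looks_like_identifier(value):
                locations[value].append((area, key))
    return {
        value: sorted(locs)
        for value, locs in locations.items()
        if len({area for area, _ in locs}) >= min_areas
    }


def purge_identifier(snapshot, value):
    """Delete every copy of value from every storage area and return the
    number removed. Clearing only one area leaves the others to respawn it,
    which is exactly why ordinary cookie clearing does not work here."""
    removed = 0
    for entries in snapshot.values():
        for key in [k for k, v in entries.items() if v == value]:
            del entries[key]
            removed += 1
    return removed


if __name__ == "__main__":
    for ident, locs in find_respawning_identifiers(SNAPSHOT).items():
        print(ident, "found in", [area for area, _ in locs])
        print("removed", purge_identifier(SNAPSHOT, ident), "copies")
```

The threshold `min_areas=3` is an assumption: a single value legitimately shared between a cookie and localStorage is common, but the same opaque token in cache validators, session storage and plugin storage at once is the respawn pattern the text describes.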
To counter watering hole attacks, users should make sure system and software security updates are applied, and avoid visiting suspicious websites.
In particular, network monitoring should be used to spot unusual activities, specifically geared toward attacks that exploit zero-day vulnerabilities.
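One concrete form the network monitoring recommended above can take, as an added example that is not part of the report or the article: scan web proxy logs for the redirect chain the text describes (a visit to a trusted site, an immediate hop to a URL shortener with that site as referer, then a hop to an unrelated third-party host). The log format, the hostnames, the shortener watch-list and the 10-second window are all constructed assumptions for illustration.

```python
"""Flag watering-hole-style redirect chains in web proxy logs: a request to
a trusted site followed within a short window by a request to a URL-shortener
domain and then to an unrelated host, each hop referred by the previous one.
Added example; log format, hostnames and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<timestamp> <client_ip> <host> <referer>"
# (a "-" referer means none). Two clients visit the same trusted site; only
# one is bounced through a shortener to a profiling host.
SAMPLE_LOG = """\
2015-04-07T09:12:01 10.1.1.5 embassy.example.gov -
2015-04-07T09:12:02 10.1.1.5 goo.gl embassy.example.gov
2015-04-07T09:12:03 10.1.1.5 profiler.example.net goo.gl
2015-04-07T09:15:00 10.1.1.9 embassy.example.gov -
2015-04-07T09:15:30 10.1.1.9 news.example.org embassy.example.gov
2015-04-07T10:00:00 10.1.1.5 goo.gl -
2015-04-07T10:00:01 10.1.1.5 static.example.com goo.gl
"""

SHORTENERS = {"goo.gl", "bit.ly", "t.co"}   # assumption: watch-listed shorteners
WINDOW = timedelta(seconds=10)               # assumption: automatic redirects are fast


def parse_log(text):
    """Return a list of (timestamp, client_ip, host, referer) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, host, referer = line.split()
        events.append((datetime.fromisoformat(ts), ip, host, referer))
    return events


def is_trusted(host):
    # assumption: a watering hole lives on a site users already trust;
    # here that is modelled as any .gov host
    return host.endswith(".gov")


def find_redirect_chains(events, window=WINDOW):
    """Return [(client_ip, trusted_host, shortener, landing_host)] for every
    chain trusted -> shortener -> other host where each hop's referer is the
    previous hop and all hops fall within `window` of the first request."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    chains = []
    for ip, evs in by_ip.items():
        for i, (t0, _, host0, _) in enumerate(evs):
            if not is_trusted(host0):
                continue
            for j in range(i + 1, len(evs)):
                t1, _, host1, ref1 = evs[j]
                if t1 - t0 > window:
                    break          # later events are outside the window
                if host1 in SHORTENERS and ref1 == host0:
                    for k in range(j + 1, len(evs)):
                        t2, _, host2, ref2 = evs[k]
                        if t2 - t0 > window:
                            break
                        if ref2 == host1 and host2 not in SHORTENERS and not is_trusted(host2):
                            chains.append((ip, host0, host1, host2))
    return chains


if __name__ == "__main__":
    for chain in find_redirect_chains(parse_log(SAMPLE_LOG)):
        print("suspicious redirect chain:", " -> ".join(chain[1:]), "client", chain[0])
```

The second client's hop from the embassy site to a news site 30 seconds later is not flagged: a human click is slower than an injected redirect, which is why the window matters. The shortener visit at 10:00 with no trusted predecessor is also ignored. In production the trusted-host list would be an inventory rather than a suffix check, and the alert would carry the landing host for blocking and further analysis.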
“The threat of watering holes is likely to remain high, given their increasing popularity and success in the last year,” the report said.
The report, “Compromised Global Websites Target Unsuspecting Travelers,” was produced by OSAC’s Research & Information Support Center (RISC). It is available for OSAC members at osac.gov.

*** But there is more.

SAN FRANCISCO (Reuters) – Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America.

The poll by the Organization of American States, released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system.

Those figures are all the more remarkable because only 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal.

By far the best known destructive hacking attack on U.S. soil was the electronic assault last year on Sony Corp’s Sony Pictures Entertainment, which wiped data from the Hollywood fixture’s machines and rendered some of its internal networks inoperable.

The outcry over that breach, joined by President Barack Obama, heightened the perception that such destruction was an unusual extreme, albeit one that has been anticipated for years.

Destruction of data presents little technical challenge compared with penetrating a network, so the infrequency of publicized incidents has often been ascribed to a lack of motive for attackers.

Now that hacking tools are being spread more widely, however, more criminals, activists, spies and business rivals are experimenting with such methods.

“Everyone got outraged over Sony, but far more vulnerable are these services we depend on day to day,” said Adam Blackwell, secretary of multidimensional security at the Washington, D.C.-based group of 35 nations.

The survey went to companies and agencies in crucial sectors as defined by the OAS members. Almost a third of the respondents were public entities, with communications, security and finance being the most heavily represented industries.

The questions did not delve into detail, leaving the amount of typical losses from breaches and the motivations of suspected attackers as matters for speculation. The survey-takers were not asked whether the attempted hacks succeeded, and some attacks could have been carried off without their knowledge.

The survey did allow anonymous participants to provide a narrative of key events if they chose, although those will not be published.

Blackwell told Reuters that one story of destruction involved a financial institution. Hackers stole money from accounts and then deleted records to make it difficult to reconstruct which customers were entitled to what funds.

“That was a really important component” of the attack, Blackwell said.

In another case, thieves manipulated equipment in order to divert resources from a company in the petroleum industry.

Blackwell said that flat security budgets and uneven government involvement could mean that criminal thefts of resources, such as power, could force blackouts or other safety threats.

At security company Trend Micro Inc., which compiled the report for the OAS, Chief Cybersecurity Officer Tom Kellermann said additional destructive or physical attacks came from political activists and organized crime groups.

“We are facing a clear and present danger where we have non-state actors willing to destroy things,” he said. “This is going to be the year we suffer a catastrophe in the hemisphere, and when you will see kinetic response to a threat actor.”

So-called “ransomware,” which encrypts data files and demands payment be sent to remote hackers, could also have been interpreted as destructive, since it often leaves information unrecoverable.

A spokesman for the U.S. Department of Homeland Security, SY Lee, said the department did not keep statistics on how often critical U.S. institutions are attacked or see destructive software and would not “speculate” on whether 4 out of 10 seeing deletion attempts would be alarming.

U.S. political leaders cite attacks on critical infrastructure as one of their greatest fears, and concerns about protecting essential manufacturers and service providers drove a recent executive order and proposed legislation to encourage greater information-sharing about threats between the private sector and government.

Yet actual destructive attacks or manipulation of equipment are infrequently revealed. That is in part because breach-disclosure laws in more than 40 states center on the potential risks to consumers from the theft of personal information, as with hacks of retailers including Home Depot Inc and Target Corp.

Under Securities and Exchange Commission guidelines, publicly traded companies must disclose breaches with a potential material financial impact, but many corporations can argue that even deletion of internal databases, theft and manipulation of equipment are not material.

Much more is occurring at vital facilities behind the scenes, and that is borne out by the OAS report, said Chris Blask, who chairs the public-private Information Sharing and Analysis Center for cybersecurity issues with the industrial control systems that automate power, manufacturing and other processes.

“I don’t think the public has any appreciation for the scale of attacks against industrial systems,” Blask said. “This happens all the time.”