Slashdot Mirror


Nation-backed Hackers Using Evercookie and Web Analytics To Profile Targets (securityledger.com)

chicksdaddy writes: There's such a fine line between clever and criminal. That's the unmistakable subtext of the latest FireEye report on a new "APT" style campaign that's using methods and tools that are pretty much indistinguishable from those used by media websites and online advertisers. The difference? This time the information gathered from individuals is being used to soften up specific individuals with links to international diplomacy, the Russian government, and the energy sector.

The company released a report this week that presented evidence of a widespread campaign (PDF) that combines so-called "watering hole" web sites with a tracking script dubbed "WITCHCOVEN" and Samy Kamkar's Evercookie, the super persistent web tracking cookie. The tools are used to assemble detailed profiles on specific users including the kind of computer they use, the applications and web browsers they have installed, and what web sites they visit.

While the aims of those behind the campaign aren't known, FireEye said the use of compromised web sites and surreptitious tracking scripts doesn't bode well. "While many sites engage in profiling and tracking for legitimate purposes, those activities are typically conducted using normal third-party browser-based cookies and commercial ad services and analytics tools," FireEye wrote in its report. "In this case, while the individuals behind the activity used publicly available tools, those tools had very specific purposes.... This goes beyond 'normal' web analytics," the company said.


  1. Re:What can be done? by gstoddart · Score: 5, Insightful

    Honestly? Stop letting arbitrary sites and their 3rd party partners run bloody scripts.

    You don't go to an arbitrary website and essentially say "why you seem like a fine, upstanding web-site, by all means please execute some javascript and flash code".

    Well, actually, people do it all the time. But it's been a stupid idea for the last 15 years. But for some reason the trust model of the internet continues to be built on doing exactly that.

    The solution is to stop trusting the damned internet and letting every site run whatever code they and their ad partners think they feel they should.

    Because, let's face it, the internet hasn't really been trustworthy in a VERY long time.

    --
    Lost at C:>. Found at C.