TMCnet News

Massive Cyberspying Operation Targeted U.S., U.N., Others [St. Joseph News-Press (MO)]
[August 04, 2011]

Massive Cyberspying Operation Targeted U.S., U.N., Others [St. Joseph News-Press (MO)]


(St. Joseph News-Press (MO) Via Acquire Media NewsEdge) London (CNN) -- U.S. government agencies, the United Nations, defense contractors and Olympic bodies have all been targeted by a single intruder in an "unprecedented" campaign of cyberspying, says a new report by a computer-security firm.



The operation, which targeted agencies and groups in 14 countries, bears the hallmarks of state-sponsored espionage, according to the report by security company McAfee. Other cybersecurity experts downplayed the report's findings, however.

McAfee said the attacks, which it calls Operation Shady RAT, have allowed hackers potentially to gain access to military and industrial secrets from 72 targets, most of them in the United States, over a five-year period.


McAfee did not name all the targets but said the sheer scope of victims, including 14 U.S. government bodies; the governments of Canada, India, South Korea and Taiwan; defense contractors; the International Olympic Committee; and even a cybersecurity company, indicates no one is safe.

Dmitri Alperovitch, McAfee's vice president of threat research, said attacks on political nonprofit groups indicated a "state actor" could be behind the operation. He declined to name a specific country, but media reports have pointed a finger at China.

When contacted by CNN, an official at the Chinese embassy said that the allegations were unwarranted, irresponsible and an attempt to vilify China. The official added that China, too, has been a victim of hacking and that the country wants to work with other countries to end the problem.

Others have cast doubt on Alperovitch's claim, saying the report sheds no new light on the world of cybersecurity and makes sweeping assumptions about the impact of the hacking operations.

In his 14-page report on McAfee's findings, Alperovitch asserts that Operation Shady RAT may have cost its victims billions in terms of lost revenues and stolen secrets.

"What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth," he said.

"Close guarded national secrets, source code, bug databases, e- mail archives, negotiation plans ... and much more has fallen off the truck of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries." He said the hackers used sophisticated "spear phishing" techniques, targeting individuals within organizations with high- security clearance and harvesting their details and passwords to gain a foothold inside computer networks.

Once inside, they installed so-called remote access tools -- the RATs that give Shady RAT its name -- to infiltrate more computers and steal data.

McAfee said it discovered the breaches in March after gaining access to a "command and control" computer server that contained hacking records. These dated to 2006, but McAfee said activity probably went back even further.

"After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," Alperovitch said.

He added the range of victims suggests "virtually everyone is falling prey to these intrusions, regardless of whether they are the United Nations, a multinational Fortune 100 company, a small nonprofit think tank, a national Olympic team or even an unfortunate computer security firm." While McAfee declines to name the country it suspects is behind Shady RAT, some observers have reportedly identified China as a likely candidate, partly because the targets include Taiwan and Olympic organizations in the months before the Beijing Games in 2008.

Some security experts said they believe China is increasingly involved in computer espionage against the U.S. government and American corporations such as Google. China has repeatedly and vehemently denied any connection to such breaches.

Graham Cluley, senior technology consultant at cybersecurity company Sophos, cautioned against blaming China. He also questioned the significance of the McAfee report, saying it offered few fresh facts about the world of cyber-espionage.

"We haven't learned anything new," Cluley said. "We already know that companies get targeted by hackers, and they gain access and we know that the motivations extend beyond the purely financial. But there's no smoking gun telling us this is definitely China.

"Every country in the world, let's not be naive, is using the Internet to spy, so it could just as easily be Cameroon or some guy in his back bedroom. There's no indication that this is state- sponsored -- that's a big leap to make." Cluley suggested the timing of the McAfee report was largely aimed at grabbing headlines ahead of the Black Hat conference, a major meeting of cybersecurity experts that gets under way Wednesday in Las Vegas.

Mikko Hypponen, chief research officer at technology security firm F-secure, said the attacks are nothing new. But they need highlighting since most affected parties refuse to talk about them, he said.

The McAfee allegations also follow a series of major computer breaches in which sensitive data was stolen from companies such as Google, defense manufacturer Lockheed Martin and data security firm RSA.

Alperovitch, however, said he believes there are no links between Shady RAT and so-called "hacktivist" groups such as LulzSec and Anonymous, which are said to be behind "relatively unsophisticated" attacks on Nintendo, Sony, the CIA and PBS.

But McAfee's report said that every government agency, security firm and major corporation faces constant cyberthreats.

"This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don't have anything valuable or interesting worth stealing," the report said.

(c) 2011 ProQuest Information and Learning Company; All Rights Reserved.

[ Back To TMCnet.com's Homepage ]