Cyberattacks have been targeting government and financial institutions, McAfee says [San Jose Mercury News, Calif.]
(San Jose Mercury News (CA) Via Acquire Media NewsEdge) Aug. 04--In the most threatening and widespread case of online espionage ever publicly disclosed, a Silicon Valley Internet security company on Wednesday said it uncovered cyberattacks lasting up to five years directed primarily at U.S. companies and government agencies, threatening the country's economy and national security.
Santa Clara-based McAfee said it has identified 72 organizations targeted, but the potential number of companies and government agencies attacked could be in the thousands. The attacks were primarily designed to obtain sensitive information. The sophistication of the assaults led the company's cybersecurity experts to say the perpetrator is a nation-state, though they declined to identify it.
"This sort of espionage chips away at our economic advantage and national security advantage," said Dmitri Alperovitch, McAfee's vice president of threat research and the lead author of a 14-page report, dubbed Operation Shady RAT. "RAT" is an acronym for "remote access tool," software used to get into computer networks.
"It's a very, very serious threat," he said. "All this intellectual property is being stolen. It will have an impact on jobs and our economic community." Alperovitch did not offer details about the data stolen, citing privacy concerns of the targeted organizations. And McAfee would not identify the country it thinks is behind the attacks. "We are not in the business of attribution," Alperovitch said. But, he added: "This is clearly a nation-state." The vast majority of those McAfee identified as having been attacked -- 49 -- are in the United States. The U.S. targets included a solar power company, various tech companies, numerous defense contractors, real estate companies, U.S. news organizations and even a Northern California county government.
Who's behind attacks? In possible hints at the culprit, the target list included a government agency in Taiwan, which China regards as a renegade province, and Olympic organizations, a year before the Beijing Games in 2008.
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said, "Our two most active opponents in cyberspace are Russia and China. The Chinese are a little more noisy than the other guy, so they get caught more." In late June, Chinese Foreign Ministry spokesman Hong Lei denied that China was involved in cyberespionage.
"The Chinese government firmly opposes hacking in all its manifestations," he said. "Hacking is an international issue, to which China also falls victim. China is willing to conduct international cooperation in this regard. We are dissatisfied with some people's irresponsible remarks that link hacker attacks with the Chinese government." Lewis said the vulnerability of Silicon Valley companies depends largely on their commitment to security.
"They are a little arrogant," he said. "They feel, 'We are the tech gods of the world. Nobody could possibly beat us.' Overconfidence is one of the things we need to worry about. Some companies, like Intel, do a very good job. Microsoft and Google -- two great companies -- have been hacked." The economic toll Anna Han, a specialist in international business transactions and technology licensing at Santa Clara University, said the new era of cloud computing, in which important information is stored on servers, puts companies at even greater risk of being hit by online pickpockets.
The economic loss from the stolen data might not be realized for years because not all attacks appeared to be aimed at immediate commercial advantage, the report said. Experts estimate that as much as $20 billion is lost every year in the United States to online espionage.
"The danger is the long-term loss of competitive edge," Han said. "Even if they don't use it immediately against you in a current deal, your strategy is lost." Lewis pointed out that the latest report covers just some of the major global cyberattacks that have occurred in the past decade.
'List goes on and on' In February, McAfee issued a report that said at least five multinational oil and gas companies came under attack by hackers based in China. In December 2009, Google came under a flurry of cyberattacks that the company believes were based in China. In March, foreign hackers stole thousands of Department of Defense files. In February, the Australian prime minister and 10 other ministers had their email accounts hacked. The Australian government suspects Chinese intelligence agencies were involved.
"This list goes on and on," Lewis said.
He added that all governments are involved in cyberespionage, but said: "We don't do economic espionage, and that's what we should worry about." In May, the Obama administration unveiled a proposal to create international computer security standards with penalties for countries and organizations that don't abide by them. The strategy calls for rules to prevent data theft and promote Internet freedom.
'Digital Pearl Harbor' During his confirmation hearings in June, Secretary of Defense Leon Panetta said he is concerned about the possibility of a "digital Pearl Harbor" that could disrupt U.S. electric power grids, banks and transportation networks.
Alperovitch said that while Operation Shady RAT was not aimed at creating infrastructure chaos, it was capable of causing massive network disruptions.
"They can use it to take down (networks) and do all kinds of other damage," he said. "The potential exists for even more intrusions." Contact John Boudreau at 408-278-3496.
Behind 'Operation shady rat' THE REPORT: McAfee identified 72 organizations -- 49 in the United States -- that were targeted in cyberattacks. Representatives for the company did not say who is behind the attacks but says the culprit is likely a nation-state. McAfee is not naming most of the victims, nor is it stating exactly what data were stolen.
THE BACKDROP: The report comes amid a surge in high-profile hacking cases in recent months. Citigroup, Sony, Lockheed Martin, PBS and others have been targeted by hackers.
Sources: Mercury News reporting, Associated Press ___ To see more of the San Jose Mercury News, or to subscribe to the newspaper, go to http://www.mercurynews.com.
Copyright (c) 2011, San Jose Mercury News, Calif.
Distributed by McClatchy-Tribune Information Services.
For more information about the content services offered by McClatchy-Tribune Information Services (MCT), visit www.mctinfoservices.com, e-mail firstname.lastname@example.org, or call 866-280-5210 (outside the United States, call +1 312-222-4544)
Keynote Presentation - Open to all Badge Holders
Keynote Presentation - Open to all Badge Holders
Conference Luncheon - For Paid Conference Pass Holders, Exhibitors, Sponsors, Speakers, Press
Future of Work #TECHSUPERSHOW Expo Hall Open