World's most extensive case of cyberespionage, including attacks on U.S. government and U.N. computers, is set to be revealed Wednesday by online security firm McAfee, and analysts are speculating that China is behind the attacks.
The spying were dubbed “Operation Shady RAT,” or “remote access tool” by McAfee.
Analysts told The Washington Post that the finger of blame for the infiltration of the 72 networks -- 49 of them in the U.S. -- points firmly in the direction of China.
California-based McAfee would only say it believed there was one "state actor" behind the attacks, but the security firm declined to name it or many of the victims.
Targets for the intrusions -- identified from logs tracked to a single server -- included computer networks of the United Nations secretariat, a U.S. Energy Department lab, some dozen U.S. defense firms and a U.K. defense contractor.
McAfee researchers discovered a “command and control” server in 2009 while investigating some attacks against defense contractors, Reuters reported. In March of this year, they returned to that computer and found logs revealing all of the attacks, the agency said.
While McAfee investigators have only been able to guess what exactly was stolen, McAfee Vice President of Threat Research Dmitri Alperovitch said the attacker looked for data that would give it military, diplomatic and economic advantage, Reuters reported.
McAfee found evidence of security breaches as far back as mid-2006, but said that it’s possible the hacking began before that, Reuters reported. Some attacks lasted just a month, while others lasted for more than two years.
The attacks were carried out using spear-phishing emails, which are tainted with malicious software, to specific people at the organizations they targeted. When people clicked on an infecte link, the intruder was able to jump on to the machine and use it to infiltrate the organizations computer network, Reuters said.
The governments of Canada, India, South Korea, Taiwan and Vietnam were also hit, as were the Association of Southeast Asian Nations, the International Olympic Committee, and the World Anti-Doping Agency, Reuters reported.
According to Reuters, McAfee's traced the attacks back as far as 2006, although it says they may go further back than that. They were apparently carried out through spear-phising emails sent to specific individuals at the various organizations. It's dubbed the operation Shady Rat.
The hackers were after both military and commercial information, according to McAfee VP of threat research Dmitri Alperovitch. This includes secret government documents, email archives, legal contracts, details of business negotiations and design schematics.
"If you look at an industry and think about what is most valuable in terms of intellectual property, that is what they were going after," he said.
"Even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators."
Rather shockingly, the victims don't seem to have been aware of the intrusions until they were notified by McAfee. Indeed, the attack on on the UN Secretariat appears to have carried on for two years, and some — such as one on the World Anti-Doping Agency in Montreal - are still continuing.
No comments:
Post a Comment