By Jim Finkle
BOSTON, Aug 3 Security experts have discovered
an unprecedented series of cyber attacks on the networks of 72
organizations globally, including the United Nations,
governments and corporations, over a five-year period.
Security company McAfee, which uncovered the intrusions,
said it believed there was one "state actor" behind the attacks
but declined to name it, though several other security experts
said the evidence points to China.
The long list of victims in the extended campaign include
the governments of the United States, Taiwan, India, South
Korea, Vietnam and Canada; the Association of Southeast Asian
Nations (ASEAN); the International Olympic Committee (IOC); the
World Anti-Doping Agency; and an array of companies, from
defense contractors to high-tech enterprises.
In the case of the United Nations, the hackers broke into
the computer system of its secretariat in Geneva in 2008, hid
there for nearly two years, and quietly combed through reams of
secret data, according to McAfee.
"Even we were surprised by the enormous diversity of the
victim organizations and were taken aback by the audacity of
the perpetrators," McAfee's vice president of threat research,
Dmitri Alperovitch, wrote in a 14-page report released on
Wednesday.
"What is happening to all this data ... is still largely an
open question. However, if even a fraction of it is used to
build better competing products or beat a competitor at a key
negotiation (due to having stolen the other team's playbook),
the loss represents a massive economic threat."
McAfee learned of the extent of the hacking campaign in
March this year, when its researchers discovered logs of the
attacks while reviewing the contents of a "command and control"
server that they had discovered in 2009 as part of an
investigation into security breaches at defense companies.
It dubbed the attacks "Operation Shady RAT" and said the
earliest breaches date back to mid-2006, though there might
have been other intrusions. (RAT stands for "remote access
tool," a type of software that hackers and security experts use
to access computer networks from afar).
Some of the attacks lasted just a month, but the longest --
on the Olympic Committee of an unidentified Asian nation --
went on and off for 28 months, according to McAfee.
"Companies and government agencies are getting raped and
pillaged every day. They are losing economic advantage and
national secrets to unscrupulous competitors," Alperovitch told
Reuters.
"This is the biggest transfer of wealth in terms of
intellectual property in history," he said. "The scale at which
this is occurring is really, really frightening."
CHINA CONNECTION?
Alperovitch said that McAfee had notified all 72 victims of
the attacks, which are under investigation by law enforcement
agencies around the world. He declined to give more details.
Jim Lewis, a cyber expert with the Center for Strategic and
International Studies, said it was very likely China was behind
the campaign because some of the targets had information that
would be of particular interest to Beijing.
The systems of the IOC and several national Olympic
Committees were breached before the 2008 Beijing Games. And
China views Taiwan as a renegade province, and political issues
between them remain contentious even as economic ties have
strengthened in recent years.
"Everything points to China. It could be the Russians, but
there is more that points to China than Russia," Lewis said.
McAfee, acquired by Intel Corp (INTC.O) this year, would
not comment on whether China was responsible.
There was no comment from China on the report.
The U.N. said it was aware of the report, and had started
an investigation to ascertain if there was an intrusion.
A U.S. Defense Department spokeswoman, Air Force Lieutenant
Colonel April Cunningham, said "it is unknown who is
perpetrating these intrusions."
"With regard to China, we reported to Congress in 2010 that
China is actively pursuing cyber capabilities with a focus on
the exfiltration of information, some of which could be of
strategic or military utility," Cunningham said.
White House spokesman Jay Carney declined to comment on
the report's findings but said U.S. President Barack Obama
viewed cybersecurity as a top priority and was working to
tighten the defenses of both the government and private
sector.
U.S. Homeland Security Secretary Janet Napolitano said, "We
obviously will evaluate it, look at it and pursue what needs to
be pursued in terms of its content."
Britain's electronic spy agency told Reuters the McAfee
report highlighted the need for international cooperation as
cyber security challenges were transnational.
"Attribution for attacks in cyberspace is always difficult.
But whoever is responsible, this report is another reminder of
the need for effective cyber-security," said a spokeswoman for
the Government Communications Headquarters, one of the three
main arms of British intelligence. [ID:nL6E7J326R]
STONE AGE
Vijay Mukhi, a cyber-expert based in India, said some South
Asian governments were highly vulnerable to hacking from
China.
"I'm not surprised because that's what China does, they are
gradually dominating the cyberworld," he said. "I would call it
child's play (for a hacker to get access to Indian government
data) ... I would say we're in the stone age."
In Taiwan, an official of the Criminal Investigation
Bureau, which has a cyber crime unit, said he had no knowledge
of the McAfee report but added there had been no cases in
recent years of hacking of government websites.
An official from the Japanese trade ministry's information
security policy team said it was difficult to determine whether
a specific government lay behind a cyber attack "although we
see which countries the attacks originate from."
McAfee released the report to coincide with the start of
the Black Hat conference in Las Vegas, an annual meeting of
security professionals who promote security and fight cyber
crime.
