McAfee discovers massive series of cyber attacks


RESEARCHERS AT the McAfee Internet Security company have discovered a massive series of cyber attacks targeting the networks of 72 organisations including the United Nations, and governments of the US, Taiwan, India, South Korea, Vietnam and Canada.

The infiltrations, which McAfee has called “Operation Shady Rat” is the biggest series of cyber penetrations to date and it says one “state actor” was involved in the attacks, which also hit the International Olympic Committee, the World Anti-Doping Agency and a host of corporations, including defence contractors and IT firms.

The country, which wasn’t named in the report, probably for fear of alienating clients, is strongly suspected to be China, a theory given legs by the fact that so many of the infiltrations involved Olympic-related sites – Beijing hosted the Olympics in 2008.

The fact that so much attention was paid to rival Taiwan also points in Beijing’s direction, although Russia is another possible candidate.

China has long denied any state involvement in cyber warfare, saying it too is a victim of hacking and that it co-operates with agencies to stop cyber infiltration.

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators,” Dmitri Alperovitch, vice president of McAfee’s threat research unit, wrote in a blog.

Rat stands for “remote access tool” software which hackers and security experts use to remotely access computer networks.

McAfee believes the earliest breaches date back to mid-2006, though there might have been other intrusions that have not been detected yet.

Every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised or will be shortly, he said, and the great majority of the victims rarely discovering the intrusion or its impact.

Mr Alperovitch said he would divide the entire set of top global 2,000 firms “into two categories: those that know they’ve been compromised and those that don’t yet know”.

The fact that organisations such as the United Nations were targeted alongside corporates means the motivations were more than economic, but were also political.

He described the attacks as “nothing short of a historically unprecedented transfer of wealth” involving classified documents, source code, e-mail archives, plans for exploration of oil and gas fields, legal contracts and blueprints for designs of, mostly, western contractors.

Hackers spent two years unnoticed inside the computer system of the UN secretariat in Geneva in 2008, going through vast quantities of secret material.

Other organisations targeted included the Associated Press news agency, (although it was not mentioned by name in the report), which was compromised at its New York headquarters and Hong Kong bureau for more than 21 months.

Operation Shady Rat probably only represents a fraction of the cyber attacks going on around the world.

“This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organisations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing,” said Mr Alperovitch.