Huge Cyber Spying Effort Revealed, China Suspected
WASHINGTON - The United States, United Nations, defense contractors and the International Olympic Committee were targets of a massive global cyber spying campaign, a computer security firm said on Aug. 3, with China seen as the likely culprit.
McAfee vice president for threat research Dmitri Alperovitch described it as a "five-year targeted operation by one specific actor" but declined to identify the country responsible.
California-based McAfee said in a report it had identified 72 victims in 14 countries of a sophisticated hacking effort dubbed "Operation Shady RAT," which it traced back to at least 2006.
The "compromised parties" included the governments of Canada, India, South Korea, Taiwan, the United States and Vietnam, McAfee said, as well as a U.S. Department of Energy research laboratory and around a dozen U.S. defense contractors.
Others included computer networks of the United Nations, the Association of Southeast Asian Nations, the International Olympic Committee, Asian and Western national Olympic committees and the Montreal-based World Anti-Doping Agency.
In a conference call with reporters, Alperovitch, the lead author of the report, said the intrusions into the systems of defense contractors targeted "sensitive military technologies."
He said McAfee had notified law enforcement about the cyber espionage campaign, briefed the White House and members of the U.S. Congress and was working with some of the targeted companies on remediation efforts.
"We believe based on the targeting and the scale and the impact of these operations, and the fact that they didn't just have an economic gain in mind but also political and military, that that this is clearly a nation-state but we're not pointing the finger at anyone," Alperovitch said.
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said the evidence may not be "conclusive in a legal sense," but suspicion points towards China.
"You can think of at least three other large programs attributed to China that look very similar," Lewis told AFP. "It's a pattern of activity that we've seen before."
Google said in June that a cyber spying campaign originating in China had targeted Gmail accounts of senior U.S. officials, military personnel, journalists and Chinese political activists.
In January of last year, Google announced it was halting censorship of its Internet search engine in China after coming under attack along with 20 other companies from hackers based there.
In February, McAfee said in another report that hackers in China have penetrated computer networks of global oil companies, stealing financial documents on bidding plans and other confidential information.
McAfee said it had discovered the "Shady RAT" series of cyber attacks by gaining access to a command and control server in a Western country used by the intruders and examining its logs.
"After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," McAfee said.
McAfee said attacks on Asian and Western national Olympic committees, the International Olympic Committee and the World Anti-Doping Agency occurred in the lead-up and immediate follow-up to the 2008 Beijing Olympics.
It described this as "particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks."
Other targets included a private Western organization focused on promoting democracy, two U.S. national security think tanks, South Korean steel and construction firms, a Danish satellite communications company, a Singapore electronics company, a Taiwanese electronics firm, Vietnam's government-owned technology company and U.S. state and county governments, McAfee said.
It said a major U.S. news organization - identified as the Associated Press by The Washington Post - was "compromised at its New York headquarters and Hong Kong bureau for more than 21 months."
McAfee said the attacks involved sending infected emails to employees of the targeted companies. When opened, the emails implanted malware and established a backdoor communication channel to the command and control server.
Data theft appeared to be the chief objective of the attackers but Alperovitch warned the "potential exists for even more insidious activity."
"These intruders are in our systems, in the systems of all these companies, in all these government systems," he said. "The likelihood that they'll escalate the activity from just stealing data to modifying data or destroying data or destroying systems is also there."