McAfee, the global computer security company, has identified 72 companies, governments and organizations that have been systematically hacked over the past five years, all in a manner that eluded detection because the intrusions were the equivalent of sleeper-cell spies. In the case of the United Nations, the hackers entered the secretariat in Geneva and simply sat inside the computers collecting data for over two years.
It is suspected that the perpetrators are the Chinese, though the “state actor” has not been formally identified.
Among the hackees were the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN), the International Olympic Committee (IOC), the World Anti-Doping Agency; along with companies ranging from defense contractors to tech companies.
In a 14-page report, McAfee vice president of threat research, Dmitri Alperovitch, wrote, “Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators. What is happening to all this data…is largely still an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat.”
The extent of the hacking was discovered in March when researchers were reviewing the logs of a “command and control” server that they had discovered in 2009 while investigating breaches at defense companies. The attacks have been named “Operation Shady RAT (remote access tool)” and the earliest dates to 2006. Some attacks lasted only a month, while the attack on the Olympic Committee of one Asian nation went on for 28 months.
Alperovitch told Reuters News Service, “Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors. This is the biggest transfer of wealth in terms of intellectual property in history. The scale at which this is occurring is really, really frightening.” All 72 victims have been notified and the attacks are under investigation by law enforcement agencies around the world.
The circumstantial evidence points to China. The Olympic Committee hacks were carried out just before the 2008 Beijing Games. Taiwan has been a PR problem for China since the anti-communists retreated to the island after the post-World War II civil war. Taiwan’s economy flourished in the first few decades while China floundered under communist rule. Though Russia is a possible suspect, the targets are of more interest to China.
Vijay Mukhi, an Indian cyber-expert, told Reuters that some Asian governments like India are very vulnerable to hacking from China. “I’m not surprised because that’s what China does. They are gradually dominating the cyberworld. I would call it child’s play (for a hacker to get access to Indian government data)…I would say we’re in the stone age.”
But Hwang Mi-kyung, of the leading South Korean cyber security company Ahnlab, said it is too soon to assume that China is the sole perpetrator. “I think we’re beyond the stage where we should be focusing on the technical aspect of addressing individual attacks and instead we should think more in terms of what we can do policy-wise. For that, the involvement of the Chinese government is very important.”
On Wednesday, Black Hat, the conference of security professionals, convened in Las Vegas. Though the hacks by Anonymous and LulzSec are on the agenda, Operation Shady RAT is far more dangerous. Anonymous and LulzSec have actually done very little operational damage to the companies and organizations they have attacked, but Operation Shady RAT gathers information and accesses operational systems, allowing damage at the core of its victims.
Alperovitch noted in his report, “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those who know they’ve been compromised and those that don’t yet know.”