Chinese puzzle of cyber attacks

SECURITY experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organisations including the United Nations, governments and companies worldwide.
By The Newsroom
Published 3rd Aug 2011, 16:53 BST
Updated 3rd Aug 2011, 22:19 BST

Security company McAfee, which uncovered the intrusions, said it believed one "state actor" was behind the attacks but refused to name it. One security expert briefed on the hacking said the evidence points to China.

The list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (Asean) trade alliance; the International Olympic Committee; the World Anti-Doping Agency; and an array of companies, from defence contractors to high-tech enterprises.

Hide Ad
Hide Ad

In the case of the UN, hackers broke into the computer system of its secretariat in Geneva in 2008, hid there for nearly two years, and quietly combed through reams of secret data, according to McAfee.

In a 14-page report, McAfee's vice-president of threat research, Dmitri Alperovitch, said: "Even we were surprised by the enormous diversity of the victim organisations and the audacity of the perpetrators.

"What is happening to all this data… is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation, the loss represents a massive economic threat."

McAfee learned of the extent of the hacking campaign in March, when researchers discovered logs of the attacks while reviewing the contents of a "command and control" server discovered in 2009 as part of an investigation into security breaches at defence companies.

It dubbed the attacks "Operation Shady RAT" and said the earliest breaches date back to mid-2006. (RAT stands for "remote access tool," software used to access networks remotely).

Some of the attacks lasted just a month, but the longest - on the Olympic Committee of an unidentified Asian nation - went on and off for 28 months.

Mr Alperovitch said: "Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors.

"This is the biggest transfer of wealth in terms of intellectual property in history. The scale is really, really frightening."

Hide Ad
Hide Ad

McAfee, he said, had notified all 72 victims of the attacks, which are under investigation by law enforcement agencies. He declined to give more details.

Jim Lewis, a cyber expert with the Centre for Strategic and International Studies, said it was very likely China was behind the campaign as targets were of particular interest to Beijing. The Olympics-related breaches occurred before the 2008 Beijing Games. He said: "Everything points to China.It could be the Russians, but there is more that points to China than Russia."

McAfee released the report to at the start of the Black Hat conference in Las Vegas, an annual meeting of cyber crime experts.

Related topics:China