Menu

TECH

Massive Global Cyberattack Targeting U.S., U.N. Discovered; Experts Blame China

 

The world's most extensive case of cyber-espionage, including attacks on U.S. government and U.N. computers, was revealed Wednesday by online security firm McAfee, and analysts are speculating that China is behind the attacks.

The spying was dubbed "Operation Shady RAT," or "remote access tool" by McAfee -- and it led to a massive loss of information that poses a huge economic threat, wrote vice president of threat research Dmitri Alperovitch.

"What is happening to all this data -- by now reaching petabytes as a whole -- is still largely an open question," Alperovitch wrote on a blog detailing the threat. "However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat."

Analysts told The Washington Post that the finger of blame for the infiltration of the 72 networks -- 49 of them in the U.S. -- points firmly in the direction of China.

California-based McAfee would only say it believed there was one "state actor" behind the attacks -- identified from logs tracked to a single server -- against a long list of victims, including the governments of the U.S., Taiwan, India, Canada and others; the International Olympic Committee; the U.N; and an array of high firms and defense contractors. 

Alperovitch admitted he was shocked by the scope of the scam.

"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," he wrote in a 14-page report released on Wednesday.

As the threat of cyberwarfare grows, 56 percent of Americans believe the U.S. should be able to authorize cyberattacks when necessary, according to a poll posted on 60Minutes.com. 

McAfee researchers discovered a “command and control” server in 2009 while investigating some attacks against defense contractors, Reuters reported. In March of this year, they returned to that computer and found logs revealing all of the attacks, the agency said.

While McAfee investigators can only guess what exactly was stolen, McAfee's Alperovitch said the attacker looked for data that would give it military, diplomatic and economic advantage, Reuters reported.

McAfee found evidence of security breaches as far back as mid-2006, but said that it’s possible the hacking began before that, Reuters reported. Some attacks lasted just a month, while others lasted for more than two years.

The attacks were carried out using spear-phishing emails, which are tainted with malicious software, to specific people at the organizations they targeted. When people clicked on an infected link, the intruder was able to jump on to the machine and use it to infiltrate the organizations computer network, Reuters said.

ShadyRAT map of countries hit

The frequency and location of cyberattacks believed to have originated from China, according to research firm McAfee.

The hackers sought out sensitive data on U.S. military systems and satellite communications, with the snooping apparently going on for several years.

Companies in construction, steel, energy, solar power, technology, accounting and media were targeted.

The intrusion into the U.N. computer system in Geneva in 2008 went unnoticed for nearly two years, while the hackers quietly combed through files of secret data, according to McAfee.

The UN said it was aware of the report, and had started an investigation to ascertain if there was an intrusion.

Many of the attacks targeted organizations linked to Taiwan and the IOC in the months leading up to the 2008 Beijing games, which pointed analysts toward China.

"This is the biggest transfer of wealth in terms of intellectual property in history," Alperovitch told Reuters. "The scale at which this is occurring is really, really frightening."

Reuters and NewsCore contributed to this report.