Security team uncovers "biggest ever" cyber attack
By Stewart Mitchell
Posted on 3 Aug 2011 at 08:55
Security experts claim to have uncovered the biggest series of cyber attacks in history.
The organised operation targeted the UN as well as governments and companies around the world.
The five-year stealth attack hit 72 organisations around the world - including the US Government, the UN, the International Olympic Committee (IOC), the World Anti-Doping Agency and a slew of tech and defence companies, according to security firm McAfee.
It's the latest in a series of international attacks that have seen China blamed for systematic data gathering and espionage.
As an example of the potential damage caused and methods used, McAfee said the UN was hacked when its systems were broken into at its secretariat in Geneva. The infiltrators hid their presence until discovered by McAfee, giving the perpetrators years to comb through secret data.
"Even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators," McAfee's vice president of threat research, Dmitri Alperovitch, wrote in a 14-page report seen by Reuters.
Everything points to China. It could be the Russians, but there is more that points to China than Russia
"What is happening to all this data... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat," he said.
McAfee chose not to disclose who it thought was behind the attacks, although it suggested state-run hacking was likely.
According to the company, it stumbled across the campaign when it came across logs of the attack while reviewing a control and command server captured as part of a probe into an earlier defence company hack.
The earliest attacks dated back to 2006, McAfee said, adding that the level of espionage was unprecedented.
"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," Alperovitch said.
"This is the biggest transfer of wealth in terms of intellectual property in history," he said. "The scale at which this is occurring is really, really frightening."
State backing?
Although McAfee decline to name the companies attacked, it said all victims had been notified, and wouldn't be drawn on naming the origin of the hack.
However, a security expert at the Center for Strategic and International Studies (CSIS) close to the situation hinted that China was the most likely culprit for the attacks due to the timing and targets, with the IOC's systems targeted in the run-up to the 2008 Beijing Olympics.
"Everything points to China. It could be the Russians, but there is more that points to China than Russia," CSIS's Jim Lewis told Reuters.
From around the web
Is anyone really surprised?
When government's security systems and procedures are so "good" that some guy sitting in his bedroom can hack into NASA and US gov networks and unnoticed search for alien evidence for months if not years, how naive you should be not to think that hostile governments who have huge resources would not do the same, just on much large and more sophisticated scale. And obviously it's not aliens they are after.
By aa111 on 3 Aug 2011 
Alien included?
Well as all alien landings happen in America according to Hollywood) it would not be unexpected for these 'hostile' governments to look for that as well? The technological benefits of reverse engineered ‘alien’ tech would be immense ;-)
By ITZ_Go_One on 3 Aug 2011
Forget aliens...
they are just looking for evidence that Elvis is still alive.
By russv1 on 4 Aug 2011
Junk
I love the idea that this is "the biggest transfer of wealth in terms of intellectual property in history". 99.999999% of the data was probably junk, the equivalent of emptying wastepaper bins. Perhaps IP is sold by weight nowadays (Forget about the significance, feel the gigabytes...)
By dick_pountain on 4 Aug 2011
Advertising Feature for McAfee?
Is there any component of news in this story, or is it purely an advertising feature for MCAfee?
Have you verified any of their claims, or have you simply accepted their press release and published it as fact.
By Henry3Dogg on 4 Aug 2011
Another Microsoft success story
Notice how these reports now hide the details of the operating system that was compromised?
Also notice opinion and speculation assigning blame on China (no cold hard facts or evidence)?
"Economic threat"? So the world economy works well and isn't a Ponzi scheme, and we need someone to blame if everything collapses in the near future?
Solution:
1. Stop using Windows!! It is the biggest security threat on the face of the planet!!!
2. Every time a Windows vulnerability is exploited resulting in financial loss or cost (for the clean-up), the hold Microsoft financially liable!!
3. Stop illegal bundling of Windows with new PCs. It's anti-competitive and takes away consumer choice!!
The Russian government will completely migrate to Linux by 2015. I bet they won't suffer from any of these problems.
Windows is the cause, theses hacks are just the symptoms. Anyone who uses Windows deserves everything they get.
By FreedomFighter on 5 Aug 2011
Unnecessary scaremongering...?
In the research report, McAfee never claimed China was responsible in their report, they merely claimed that it seemed like a state-sponsored actor. There's other countries in the world (e.g. Iran, North Korea, Russia) who have enough technical ability along with the motivation to pull off such an attack. And lets be honest, the technology used here isn't state of the art malware, it was using known exploits, and owning machines via run-of-the-mill spear phishing attacks. Some further reading here for those interested: McAfee Operation Shady Rat: A Media Storm is Unleashed
http://www.internetsecuritydb.com/2011/08/mcafee-o
peration-shady-rat-media-storm.html
By Rob7600 on 7 Aug 2011
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
