War 2.0: China Suspected in Massive Cyberattack on U.N., U.S. Gov't, and More
August 3, 2011 3:50 PM
comment(s) - last by
China is suspected in a record setting hack, which affected many nations over the last five years.
(Source: Army Recognition)
The attack is believed to have done tremendous financial damage to those affected and given a financial boost to the attacker.
The attacks largely target the U.S. -- which has weak cyber-security, but also targeted Asian nations, Canada, and several European nations.
Attack "raped and pillaged" 72 organizations over 5 years
) subsidiary McAfee, has
just gone public
[declassified report] with an incredible study into what it says is the world's biggest organized computer hack in history. The attack, which it dubs "Operation Shady RAT" (RAT stands for remote access tool), began in mid-2006 and was still ongoing at the start of this year. And unsurprisingly, China -- arguably the world's foremost cyber-superpower -- is suspected as the guilty party.
I. U.S. and Others Get "Raped and Pillaged"
McAfee's vice president of threat research, Dmitri Alperovitch, in
, comments, "Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors. This is the biggest transfer of wealth in terms of intellectual property in history. The scale at which this is occurring is really, really frightening."
In his report he describes how a team of savvy hackers organized by a "state actor" infiltrated 72 carefully selected government and corporate systems around the world and began rapidly stealing valuable information.
Government victims included United States, Taiwan, India, South Korea, Vietnam, and Canada. A number of multinational organizations including the Association of Southeast Asian Nations (ASEAN), the International Olympic Committee (IOC), the World Anti-Doping Agency, and the United Nations. Numerous defense contractors and high-tech companies were also infiltrated in the U.S. and abroad.
In one of the highest profile attacks -- the infiltration of the United Nations' servers, the attacker gained access to systems belonging to the secretariat in Geneva in 2008 and then proceeded to lurk for two years, stealing valuable classified documents.
The longest attack appears to have targeted the Olympic committee of an unnamed South Asian nation, last 28 months. Many of the attacks were far briefer lasting only a month.
The sophisticated plot was discovered when McAfee researchers reviewing the server logs on affected U.S. contractors discovered that they were all communicating with common command-and-control servers in the unnamed attacker nation.
Mr. Alperovitch recalls the shock at this discovery, writing, "Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators. What is happening to all this data ... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat."
II. The Red Dragon
Unsurprisingly most suspect China, given who was attacked and the nation's long history of cyberaggression [
Neither China or McAfee have officially commented on this possibility. But the timing lines up remarkably.
The attacks on the IOC and Olympic committee were executed in 2008, right before
the Beijing Olympics
. Given China's obsessive interest in topping its foreign competitors in the medal counts, there's a clear motive for the hacks, as they could have filled in secret details on when the Olympic officials planned to conduct drug tests. In theory China could have used the data to game the system, obfuscating steroid use or other types of cheating.
The attacks also were very focused on southeast Asia. South Korea, Japan, and Taiwan -- key economic rivals of China were all targeted.
In Taiwan's case, the attack may have served a double purpose, as China views Taiwan as a rebel province and has long looked for ways to undermine it economically and politically.
Jim Lewis, a cyber expert with the Center for Strategic and International Studies, states, "Everything points to China. It could be the Russians, but there is more that points to China than Russia."
One unnamed briefed expert affirms that the classified version of the information McAfee presented points to China.
III. Preying on the Weak
If the attacks were indeed the work of the Chinese government or its contractors, it scored a massive win economically. It's unknown what if any sort of punishment can be brought against the nation, as even if the evidence points to China, in such matters it's hard to conclusively prove the origin of an attack.
Further, many of the affected nations like the U.S. owe vast amounts of debt to the Chinese government and depend on China to support their
rare mineral resource
Many view China's recent actions as the strong of cyberspace picking on the weak. The U.S. is among those that has been
perceived as a "cyberweakling"
Vijay Mukhi, a cyber-expert based in India, states, "I'm not surprised because that's what China does, they are gradually dominating the cyberworld. I would call it child's play (for a hacker to get access to Indian government data) ... I would say we're in the stone age."
The report, which coincided with the
annual Black Hat security convention
in Las Vegas, took many by surprise.
Taiwanese officials said they were not aware of being part of a broader attack, though they said they were aware of many attacks against their government servers. U.N. officials also reported being unaware of the intrusion, though they were investigating. And the government of India refused to comment on whether it was aware of the attack on its government servers.
Japan seemed the least surprised, indicating knowledge of the attack, while emphasizing the uncertainty about who was behind the attacks. They say that they are conducting and investigation and working on "finalizing some guidelines. We aim to raise the security level as a whole and build a partnership between private sector organizations where information can be shared to prevent such attacks."
McAfee has informed all 72 companies who were attacked. In its public version of the report, it redacted the affected corporate parties' names, though it mentioned what nation and what business sector they were in.
Full details of the record setting assault are still not available, and may never be available. If McAfee is to be believed, though, the financial impact is likely enormous. The attack likely puts the affected governments, including the U.S. in panic mode. The pressing question -- how to improve their security so these attacks don't happen, and how to bring to justice an attacker who wields tremendous international financial power, should a breach occur.
This article is over a month old, voting and posting comments is disabled
Not saying the obvious.
8/3/2011 5:17:33 PM
The pressing question -- how to improve their security so these attacks don't happen,
It is also notable that the McAfee report also didn't mention whether the "hacks" were via one type of operating system in particular or via lots of them, and since McAfee's products are predominantly designed to run on the very popular Windows range of operating systems, which coincidentally are renowned for their insecurity, it would seem obvious that one incredibly easy and cheap way for companies and government departments to dramatically improve security (and productivity) is to not use the said Windows range of OSes, and also obvious that McAfee wouldn't mention it.
RE: Not saying the obvious.
8/3/2011 9:09:03 PM
Well look at that: Rating = 0.
Since no one has said what I've written is incorrect, then I guess I must be partially right. As I see it, every company and government department around the world has a choice between using a secure OS and an insecure one, and when that company or government department chooses to use the insecure one (which they have to pay a licence for) ahead of using a secure one, and there are many which are free, then there is nothing I or anyone else can do.
Sure, via Windows isn't the only means of illegally accessing a computer, but to there is little point in doing anything else until you've got rid of it.
RE: Not saying the obvious.
8/4/2011 1:06:12 AM
Anybody who knows anything that if you are hacking a machine then an updated and protected Windows machine is in fact the hardest to bypass. Linux is absolutely rife with insecurities (which is due to it's very nature) and OSX is...well, it's got roughly the same security measures as Windows 98.
RE: Not saying the obvious.
Dr of crap
Dr of crap
8/4/2011 9:09:25 AM
How about stating the obvious -
McAfee - really!
I've used both McAfee and Norton and had problems with both.
I think they are to big and can't protect computers well enough.
I would not put my trust in either of these again.
And as for what to do to potect their PCs from attack - Can't be that hard.
Even I have some ideas about that and I don't work in IT!
"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer
Chinese Hackers Score Heist of 35 Million South Koreans' Personal Info
July 28, 2011, 9:43 AM
"Pwnies" are the Grammies of the Hacker World
July 27, 2011, 4:21 PM
Cheap Labor in China Coming to an End
June 20, 2011, 10:52 AM
China Threatens Google for Speaking Out Against Cyberattacks
June 6, 2011, 9:44 AM
Reports: Hackers Use Stolen RSA Information to Hack Lockheed Martin
May 30, 2011, 10:14 AM
Facebook CEO Called President Barack Obama to Complain About NSA Spying
March 14, 2014, 1:40 PM
Quick Note: Google Drive 100GB, 1TB Plans See Major Price Cuts
March 13, 2014, 2:45 PM
Target Missed Early Warning Signs of Holiday Data Breach
March 13, 2014, 1:45 PM
Amazon Increases Prime Subscription to $99/year Starting March 19
March 13, 2014, 8:23 AM
Bitcoin King's American Accounts Get Frozen
March 13, 2014, 3:00 AM
Time Warner Cable CEO Says Merger with Comcast is a "Dream Combination", Will Increase Innovation
March 12, 2014, 2:37 PM
Most Popular Articles
Malaysian Airlines Flight 370 Made Wild Altitude Changes
March 14, 2014, 9:21 PM
Tesla Motors Calls New Jersey Out on New Rule Against Its Direct Sales Model
March 11, 2014, 12:01 PM
Hack Reveals Fallen Bitcoin CEO's Posh Tokyo Penthouse
March 10, 2014, 4:28 PM
Apple Authorized to Seek $40 Per Device Against Samsung
March 13, 2014, 4:31 PM
Man Who Shot Father for Texting During Movie Previews Was Also Texting
March 14, 2014, 2:25 PM
Latest Blog Posts
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
Is The Period Becoming an Expression of Anger?
Nov 26, 2013, 2:02 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information