Five-Year Global Cyber Hack Breaches UN, Governments, U.S. Agencies
Experts at McAfee Security Company released a report Wednesday revealing the details behind a massive cyber attack that that lasted up to five years and targeted the United Nations as well as several governments and U.S. corporations.
The cyber attack dubbed “Operation Shady RAT,” in which RAT stands for remote access tool, infiltrated computers and stole data from a total of 72 targets beginning in 2006; forty-nine of the targets were U.S. agencies.
Governments, companies and organizations in Canada, Japan, South Korea, Taiwan Switzerland and Great Britain were also among those penetrated. The elaborate security take down invaded many of the high level databases for up to two years. One unidentified Asian country had their Olympic Committee hacked for 28-months.
“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” Dmitri Alperovitch, vice president of McAfee, said in a blog about the report.
McAfee says it is likely a government body in a nation-state perpetrated the attack, but did not give clues as to which country they believe is behind the hack.
Many are blaming China for the cyber attacks, pointing out that Chinese hackers were behind a Google hack last year where they stole some of the company’s source code.
The fact that the International Olympic Committee, as well as agencies in several Asian countries, was among those attacked is also an issue of concern for many.
Some security experts suggest that the Chinese government has been partnering with professional hackers to develop a sophisticated cyber warfare unit.
McAfee began to unfold the history of the attack in March 2010, while investigating a different security breach that targeted various defense companies. Upon reviewing an uncovered server, McAfee discovered logs of the attack dating back to mid-2006.
Exactly what kind of information was stolen is still largely unknown. Some of the affected organizations say that while disturbing the breach has not affected them negatively.
International Olympic Committee spokesperson Mark Adams stated that the organization is “transparent” and “has no secrets that would compromise either our operations or our reputation.”
However, Alperovitch says the attack is a major cause for concern for many of the hacked companies.
“If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat,” said Alperovitch.
McAfee has decided not to release the names of most of the corporations affected by the attack to prevent creating unease among their customers and shareholders.