Five Years of Hacking (Updated)
Strange Days for Information Security, you may watch my July 2011 Attacks Chart for noticing how troubled July has been. August promises to be even worse, but this is not the point…
The point is that in an Interview to Vanity Fair, which is not tipically an Information Security Magazine, Dmitri Alperovitch, Vice President of threat research at McAfee reported that, for at least five years, a high-level hacking campaign, dubbed Operation Shady RAT (like Remote Access Tool), has infiltrated the computer systems of national governments, global corporations, nonprofits, and other organizations. This infiltration has made more than 70 victims in 14 countries for what has been defined “Biggest-ever series of cyber attacks uncovered”, an attack so big that, according to Alperovitch: “It’s been really hard to watch the news of this Anonymous and LulzSec stuff, because most of what they do, defacing Web sites and running denial-of-service attacks, is not serious. It’s really just nuisance.”
Victims included government agencies in the United States, Taiwan, South Korea, Vietnam, and Canada, the Olympic committees in three countries, and the International Olympic Committee. Rounding out the list of countries where Shady rat hacked into computer networks: Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India. The vast majority of victims—49—were U.S.-based companies, government agencies, and nonprofits. The category most heavily targeted was defense contractors—13 in all.
In addition to the International Olympic Committee, the only other victims that McAfee has publicly named are the World Anti-doping Agency, the United Nations, and ASEAN, the Association of Southeast Asian Nations (whose members are Indonesia, Malaysia, the Philippines, Singapore, Thailand, Brunei, Burma, Cambodia, Laos, and Vietnam).
All the signs of the attack point to China. If confirmed this would be the third attack discovered by McAfee originating from China, after Operation Aurora and the Night Dragon.
One thing is clear: if Vanity Fair is dealing with Information Security, there is really something strange. At least let us hope this is not the sign Information Security is simply becoming a matter of fasion.
Meanwhile, after the Vanity Fair preview, McAfee has released its report on Shady RAT. McAfee was able to gain access to one specific Command & Control server used by the intruders, collecting logs that reveal the full extent of the victim population since mid-2006 when the log collection began. The results are described inside the documents and Curiously China, which was reported by the press as the alleged author of the attack, is never expressely quoted.
Interesting to say, this report raised several doubts on McAfee Competitors. As an example, Sophos, on a dedicated post, considers that there’s nothing particularly surprising in McAfee’s report since companies get often targeted by hackers, who install malware to gain remote access to their computers and data, sometimes driven by motivations for hacking which extend beyond purely financial (for instance, IP theft, economic, political, etc motivations).
Moreover, Sophos wonders why McAfee did not disclose what kind of information was stolen from the targeted organisations, and how many computers at each business were affected.
In any case I noticed with pleasure that, like I did, Sophos was also surprised from the fact the preview was first released on Vanity Fair…