James Delahunty
3 Aug 2011 16:50
McAfee finds disturbing evidence of mass global data breaches in analysis of C&C servers.
In total, 72 organizations have been alerted by McAfee about security lapses going back five years. Among those caught up are the United Nations and the United States government. Disturbingly, McAfee tracks all of the intrusions to just one "state actor," which it does not identify. Security experts that examined McAfee's report are pointing the finger at China.
"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," McAfee's vice president of threat research, Dmitri Alperovitch, wrote.
"What is happening to all this data ... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat."
McAfee uncovered the global breaches when it was examining log files found on command and control servers discovered and seized in 2009. It has dubbed the attacks "Operation Shady RAT" with "RAT" standing for "Remote Access Tool."
"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," Alperovitch told Reuters.
Experts say that the targets of the attacks would have been of particular interest to Beijing. "Everything points to China. It could be the Russians, but there is more that points to China than Russia," Jim Lewis, a cyber expert with the Center for Strategic and International Studies, said.
For example, systems of the International Olympic Committee (IOC), the World Anti-Droping Agency and of the Taiwanese government were among the targets. The Olympics-related attacks occured before the 2008 Beijing Olympic games.
More Information: McAfee (full PDF report available.)