McAfee reveals advanced global cyber threat exists

August 4, 2011 12:17:00 AM PDT
A cyber attack has hit 72 targets in 14 countries. A Bay Area computer security firm has revealed an advanced global cyber threat targeting business and government. Computer security experts at Santa Clara's McAfee corporation say the audacity of the perpetrators surprised even them. Perhaps most damaging is that military and government documents were stolen.

McAfee says the political stakes are so high that they are not saying who they believe is behind the attacks. However, there is a lot of speculation that either Russia or China is behind the attacks and many believe one of those governments has been working with skilled hackers since 2006 to siphon off valuable secrets.

McAfee has identified 72 organizations, businesses and government agencies that have had their computer systems hacked and information stolen. The cyber security bust is dubbed "Operation Shady RAT". It identified 49 victims in the U.S. including government agencies and 13 defense contractors.

"It's stuff like source code, engineering designs, business plans. The sort of stuff that we bet our company's future on that we are going to define ourselves in the market. It's the stuff that is extremely sensitive and extremely valuable," said McAfee security expert Gary Davis.

Other than naming the United Nations and International Olympic Committees, McAfee does not specifically identify most of the victims, instead referring to them generically as "U.S. Federal government Agency No.1" and "U.S. Defense Contractor No.3".

The infiltrations lasted anywhere from months to years. The company is also not naming its prime suspect, but based on similar recent cases such as the 2009 attack on Google, many security and technology experts say the logical culprit is China.

"That rat might indeed be China and if that is indeed the case, this is a massive case of state-sponsored cyber espionage," said technology analyst Larry Magid.

Davis does confirm the company believes the command and control server responsible for the hacking is operated by a nation state, a country with the resources and patience to launch a long-term coordinated attack.

The Santa Clara firm is now working with the federal government and other hacking victims, but admits it is almost impossible to stop determined cyber thieves.

"There's nothing that we could say, 'there is the silver bullet if you do this one thing, or do that one best practice, you've nailed it' because eventually, the nature of this is that they are always trying to find new ways to get information and they are very clever," said Davis.

McAfee says it learned of this global hacking by gaining access to what it calls the intruder's command and control server and then analyzing the logs and the traffic to identify the victims.
