US, UN, IOC targets of huge cyber spying campaign

04 Aug, 2011

The governments of the United States and several other countries, US defence contractors, the United Nations and the International Olympic Committee have been targets of a massive global cyber spying campaign, US computer security firm McAfee said Wednesday.
California-based McAfee did not identify the "state-actor" believed to be behind the sophisticated hacking effort dubbed "Operation Shady RAT," which it traced back to at least 2006, but analysts pointed the finger at China. The report identified 72 "compromised" parties including the governments of Canada, India, South Korea, Taiwan, the United States and Vietnam.
Others included computer networks of the United Nations, the Association of Southeast Asian Nations, the International Olympic Committee, Asian and Western national Olympic committees, the World Anti-Doping Agency, a Department of Energy lab, and around a dozen US defence firms, McAfee said. McAfee vice president for threat research Dmitri Alperovitch, the lead author of the report, said "Operation Shady RAT" was a "five-year targeted operation by one specific actor."
"What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth," Alperovitch said. "What is happening to all this data - by now reaching petabytes as a whole - is still largely an open question," he said.
"However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat," he said, "not to mention the national security impact of the loss of sensitive intelligence or defence information."
James Lewis, a cybersecurity expert at the Washington-based Center for Strategic and International Studies, said the evidence may not be "conclusive in a legal sense," but suspicion points towards China. "You can think of at least three other large programs attributed to China that look very similar," Lewis told AFP. "It's a pattern of activity that we've seen before. It's in line with other activities."
In June, Google said that a cyber spying campaign originating in China had targeted Gmail accounts of senior US officials, military personnel, journalists and Chinese political activists. In January of last year, Google announced it was halting censorship of its Internet search engine in China after coming under attack along with 20 other companies from hackers based in China.
In February, McAfee said in another report that hackers in China have penetrated computer networks of global oil companies, stealing financial documents on bidding plans and other confidential information. McAfee said it had discovered the "Shady RAT" series of cyber attacks by gaining access to a command and control server used by the intruders and examining their logs.
"After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators," McAfee said. "In all, we identified 72 compromised parties," McAfee said, although "many more were present in the logs but without sufficient information to accurately identify them."
