File photo shows US Department of Homeland Security analysts working at the National Cybersecurity & Communications Integration Center (NCCIC) located just outside Washington in Arlington, Virginia. Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organisations.
THE governments of the United States and several other countries, US defense contractors, the United Nations, Association of Southeast Asian Nations (Asean) and the International Olympic Committee have been targets of a massive global cyber spying campaign, US computer security firm McAfee said yesterday.
California-based McAfee did not identify the "state-actor" believed to be behind the sophisticated hacking effort dubbed "Operation Shady RAT," which it traced back to at least 2006, but analysts pointed the finger at China.
The report identified 72 "compromised" parties including the governments of Canada, India, South Korea, Taiwan, the United States and Vietnam.
Others included computer networks of the United Nations, the Association of Southeast Asian Nations (Asean), the International Olympic Committee, Asian and Western national Olympic committees, the World Anti-Doping Agency, a Department of Energy lab, and around a dozen US defense firms, McAfee said.
McAfee vice president for threat research Dmitri Alperovitch, the lead author of the report, said "Operation Shady RAT" was a "five-year targeted operation by one specific actor."
"What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth," Alperovitch said.
"What is happening to all this data - by now reaching petabytes as a whole - is still largely an open question," he said.
"However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat," he said, "not to mention the national security impact of the loss of sensitive intelligence or defense information."
James Lewis, a cybersecurity expert at the Washington-based Center for Strategic and International Studies, said the evidence may not be "conclusive in a legal sense," but suspicion points towards China.
"You can think of at least three other large programmes attributed to China that look very similar," Lewis told AFP. "It's a pattern of activity that we've seen before. It's in line with other activities."
In June, Google said that a cyber spying campaign originating in China had targeted Gmail accounts of senior US officials, military personnel, journalists and Chinese political activists.
In January of last year, Google announced it was halting censorship of its Internet search engine in China after coming under attack along with 20 other companies from hackers based in China.
In February, McAfee said in another report that hackers in China have penetrated computer networks of global oil companies, stealing financial documents on bidding plans and other confidential information.
McAfee said it had discovered the "Shady RAT" series of cyber attacks by gaining access to a command and control server used by the intruders and examining their logs. "After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," McAfee said.
"In all, we identified 72 compromised parties," McAfee said, although "many more were present in the logs but without sufficient information to accurately identify them."
McAfee said attacks on Asian and Western national Olympic committees, the International Olympic Committee and the World Anti-Doping Agency occurred in the lead-up and immediate follow-up to the 2008 Beijing Olympics.
It described this as "particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks."
Other targets included a private Western organization focused on promoting democracy, two US national security think tanks, South Korean steel and construction firms, a Danish satellite communications company, a Singapore electronics company, a Taiwanese electronics firm, Vietnam's government-owned technology company and US state and county governments, McAfee said. It said a major US news organisation - identified as the Associated Press by The Washington Post - was "compromised at its New York headquarters and Hong Kong bureau for more than 21 months."
"The longest compromise was recorded at an Olympic Committee of a nation in Asia; it lasted on and off for 28 months, finally terminating in January 2010," McAfee said.
McAfee said the attacks involved sending infected emails to employees of the targeted companies. When opened, the emails implanted malware and established a backdoor communication channel to the command and control server.