Cyber-espionage
August 3, 2011
The United Nations Office at Geneva, a British defense contractor, a German accounting firm and a Danish communications satellite company were among the European targets in a massive cyber-espionage operation detailed in a 14-page report released Tuesday by McAfee, an American computer security firm.
In addition, a significant number of government servers, including ones in the United States, India, Taiwan, Vietnam and Canada, were also targeted in "Operation Shady RAT."
RAT, or Remote Administration Tool, is a program that can be used by computer professionals to access other computers remotely.
"After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," wrote the report's author, Dmitri Alperovitch, a researcher at McAfee.
In the report, Alperovitch said the initial attack came about via a "spear-phishing e-mail," a highly targeted false e-mail directed at a particular person. The e-mail is written in such a way as to convince the target to open an attachment, which is a piece of malicious software, or malware.
Once the malware is installed on the target computer within the company or organization, it will download more unauthorized software, and will then search out specific information or documents inside the compromised network and secretly transmit them to the attacker.
McAfee's report said the affected computers were targeted starting in July 2006 and ending in September 2010.
China may be behind attacks
McAfee's report does not name a specific perpetrator, but it does give a few clues that the attacker may be connected with China, which has long been suspected of having some of the world's most sophisticated cyberattack and cyber-espionage capabilities.
"The interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC) and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks," Alperovitch wrote.
Other computer security experts have suspected China as well.
"Everything points to China," said Jim Lewis, a cyber expert with the Center for Strategic and International Studies, in an interview with Reuters. "It could be the Russians, but there is more that points to China than Russia."
Another computer security researcher, Vijay Mukhi, told Reuters that the Indian government's networks were particularly weak, and that he would not be surprised if the operation turned out to be orchestrated by the Chinese government or military.
"I'm not surprised because that's what China does, they are gradually dominating the cyberworld," he said.
Author: Cyrus Farivar (Reuters, AFP)
Editor: Sean Sinico