Skip to: Content
Skip to: Site Navigation
Skip to: Search


Massive global cyberattack hits US hard: Who could have done it?

Cybersecurity firm McAfee says it infiltrated a 'command and control' server with detailed logs of five years of cyberattacks against targets ranging from the US government to the World Anti-Doping Agency. McAfee suggests a country was behind it. Experts suspect China.

By Staff writer / August 3, 2011

This screen shot shows the McAfee website. A computer security firm says cybercriminals have spent at least the past five years targeting more than 70 government entities, nonprofit groups and corporations to steal troves of data.

AP

Enlarge

Cyberspies believed to be working for a national government for the past five years have stolen vast amounts of classified, sensitive, or proprietary information from at least 72 companies and government and nonprofit groups in 14 countries, with the bulk of the victims in the United States, a major cybersecurity firm is reporting.

Skip to next paragraph

“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth,” the report’s co-author, Dmitri Alperovitch, a vice president of Santa Clara, Calif.-based McAfee, wrote on his blog.

Targets of the information theft included the US federal and state governments, county governments, and Canadian, South Korean, Vietnamese, Taiwanese, and Indian governments. Among other targets: defense contractors, the United Nations, prodemocracy groups, and individual companies in the steel, energy, solar power, electronics, and computer security industries.

What distinguishes this new report from others in the recent past is its level of detail, some cybersecurity experts said. In part that could be because the perpetrators created detailed logs of their exploits on a “command and control” server that McAfee was able to infiltrate.

“Closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts,... and much more has ‘fallen off the truck’ of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries,” Mr. Alperovitch wrote.

'Massive economic threat'

The impact of that loss represents a “massive economic threat” not only to companies and industries but whole nations that now could see diminished economic growth as the global competitive landscape intensifies – and jobs lost, according to McAfee's report, “Revealed: Operation Shady RAT.” RAT is an acronym for “Remote Access Tool.”

Unlike typical cybercriminals, McAfee says the cyberspies showed keen interest in nonmonetary information, infiltrating economic trade groups, think tanks and political and nonprofit groups – even international sports. Asian and Western national Olympic Committees were targets, as were the International Olympic Committee (IOC) and World Anti-Doping Agency – both hit in the months before and after the 2008 Olympics.

Permissions

Read Comments

View reader comments | Comment on this story