"State actor" behind slew of cyber attacks

BOSTON Wed Aug 3, 2011 7:17pm EDT

Josh Mayeux, network defender, works at the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colorado July 20, 2010. REUTERS/Rick Wilking

Josh Mayeux, network defender, works at the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colorado July 20, 2010.

Credit: Reuters/Rick Wilking

BOSTON (Reuters) - Security experts have discovered an unprecedented series of cyber attacks on the networks of 72 organizations globally, including the United Nations, governments and corporations, over a five-year period.

Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though several other security experts said the evidence points to China.

The long list of victims in the extended campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.

In the case of the United Nations, the hackers broke into the computer system of its secretariat in Geneva in 2008, hid there for nearly two years, and quietly combed through reams of secret data, according to McAfee.

"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," McAfee's vice president of threat research, Dmitri Alperovitch, wrote in a 14-page report released on Wednesday.

"What is happening to all this data ... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat."

McAfee learned of the extent of the hacking campaign in March this year, when its researchers discovered logs of the attacks while reviewing the contents of a "command and control" server that they had discovered in 2009 as part of an investigation into security breaches at defense companies.

It dubbed the attacks "Operation Shady RAT" and said the earliest breaches date back to mid-2006, though there might have been other intrusions. (RAT stands for "remote access tool," a type of software that hackers and security experts use to access computer networks from afar).

Some of the attacks lasted just a month, but the longest -- on the Olympic Committee of an unidentified Asian nation -- went on and off for 28 months, according to McAfee.

"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," Alperovitch told Reuters.

"This is the biggest transfer of wealth in terms of intellectual property in history," he said. "The scale at which this is occurring is really, really frightening."

CHINA CONNECTION?

Alperovitch said that McAfee had notified all 72 victims of the attacks, which are under investigation by law enforcement agencies around the world. He declined to give more details.

Jim Lewis, a cyber expert with the Center for Strategic and International Studies, said it was very likely China was behind the campaign because some of the targets had information that would be of particular interest to Beijing.

The systems of the IOC and several national Olympic Committees were breached before the 2008 Beijing Games. And China views Taiwan as a renegade province, and political issues between them remain contentious even as economic ties have strengthened in recent years.

"Everything points to China. It could be the Russians, but there is more that points to China than Russia," Lewis said.

McAfee, acquired by Intel Corp this year, would not comment on whether China was responsible.

There was no comment from China on the report.

The U.N. said it was aware of the report, and had started an investigation to ascertain if there was an intrusion.

A U.S. Defense Department spokeswoman, Air Force Lieutenant Colonel April Cunningham, said "it is unknown who is perpetrating these intrusions."

"With regard to China, we reported to Congress in 2010 that China is actively pursuing cyber capabilities with a focus on the exfiltration of information, some of which could be of strategic or military utility," Cunningham said.

White House spokesman Jay Carney declined to comment on the report's findings but said U.S. President Barack Obama viewed cybersecurity as a top priority and was working to tighten the defenses of both the government and private sector.

U.S. Homeland Security Secretary Janet Napolitano said, "We obviously will evaluate it, look at it and pursue what needs to be pursued in terms of its content."

Britain's electronic spy agency told Reuters the McAfee report highlighted the need for international cooperation as cyber security challenges were transnational.

"Attribution for attacks in cyberspace is always difficult. But whoever is responsible, this report is another reminder of the need for effective cyber-security," said a spokeswoman for the Government Communications Headquarters, one of the three main arms of British intelligence.

STONE AGE

Vijay Mukhi, a cyber-expert based in India, said some South Asian governments were highly vulnerable to hacking from China.

"I'm not surprised because that's what China does, they are gradually dominating the cyberworld," he said. "I would call it child's play (for a hacker to get access to Indian government data) ... I would say we're in the stone age."

In Taiwan, an official of the Criminal Investigation Bureau, which has a cyber crime unit, said he had no knowledge of the McAfee report but added there had been no cases in recent years of hacking of government websites.

An official from the Japanese trade ministry's information security policy team said it was difficult to determine whether a specific government lay behind a cyber attack "although we see which countries the attacks originate from."

McAfee released the report to coincide with the start of the Black Hat conference in Las Vegas, an annual meeting of security professionals who promote security and fight cyber crime.

(Additional reporting from Tom Miles in Geneva, Jack Kim in Seoul, James Pomfret in New Delhi, William Maclean in London, Laura MacInnis and Jeremy Pelofsky in Washington; editing by Tiffany Wu, Martin Howell, Ron Popeski, Ed Lane, Eric Walsh, Bill Trott and Matthew Lewis)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (24)
Eideard wrote:
Of course, the NSA doesn’t do anything like this anywhere in the world. Hogwash.

Aug 03, 2011 8:33am EDT  --  Report as abuse
Huck_Finn wrote:
And, sadly, those same chinese cyber “red agents” are probably going to flood this thread with pro-CCP propaganda.

Or they will pretend to be US citizens on this thread and criticize the West as a ploy to distract negative attention away from china.

It really is becoming overwhelmingly dispicable.

china is morally bankrupt!

Aug 03, 2011 8:36am EDT  --  Report as abuse
Huck_Finn wrote:
The US should just refuse to pay back china’s money currently sitting in T bills, as a down-payment on all the losses the US has incurred as a result of china’s IP theft.

It’s sad, really. china is morraly bankrupt!

Aug 03, 2011 9:49am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

A tourist takes a plunge as she swims at Ngapali Beach, a popular tourist site, in the Thandwe township of the Rakhine state, October 6, 2013. Picture taken October 6, 2013. REUTERS/Soe Zeya Tun (MYANMAR - Tags: SOCIETY) - RTR3FOI0

Where do you want to go?

We look at when to take trips, budget considerations and the popularity of multigenerational family travel.   Video