BOSTON Aug 3 Hackers breached the computer
networks of 72 organizations around the world over a five-year
period, in the biggest hacking campaign discovered to date,
security firm McAfee said on Wednesday.
Here are questions and answers on the attacks, dubbed
"Operation Shady RAT" by McAfee, which was bought by Intel Corp
earlier this year:
Q. Who are the victims?
A. They include:
- Governments of Canada, India, South Korea, Taiwan, United
States and Vietnam.
- International bodies such as the United Nations, the
Association of Southeast Asian Nations (ASEAN), the
International Olympic Committee, the World Anti-Doping Agency.
- 12 U.S. defense contractors, 1 U.K. defense contractor.
- Companies in construction, steel, energy, solar power,
technology, satellite communications, accounting and media.
- Other groups ranging from a U.S. insurance association to
the Nevada county government and think tanks.
McAfee declined to identify many of the victims by name.
Q. When and how did the attacks take place?
A. McAfee found evidence of security breaches dating back to
mid-2006, but said the hacking might have begun well before
that. Some of the attacks lasted just a month, others stretched
to as many as 28 months.
The hackers sent so-called spear-phishing emails, which are
tainted with malicious software, to specific people at the
targeted organizations. When an unsuspecting recipient clicks
on an infected link, the malware lets intruders get onto the
machine and use it to infiltrate the computer network.
Q. What information was stolen?
A. McAfee investigators have done their best to guess what
was likely stolen, based on interviews with a number of victims.
McAfee Vice President of Threat Research Dmitri Alperovitch said
the attacker sought data that would give it military, diplomatic
and economic advantage.
"If you look at an industry and think about what is most
valuable in terms of intellectual property, that is what they
were going after," Alperovitch said. As examples, he cited email
archives, negotiation documents and schematics for electronics.
Q. Who did it?
A. McAfee's Alperovitch said he believes that a nation state
was behind the attacks, but he declined to identify it. He said
the attacker is the same country that was behind other security
breaches that McAfee has previously investigated.
Jim Lewis, an expert in cyber attacks with the Center for
Strategic and International Studies, was briefed by McAfee.
Lewis said the presence of Taiwan and the International Olympic
Committee in the victims list suggests China is most likely the
perpetrator of the attack.
Q. How valuable is the data that was stolen?
A. "This is the biggest transfer of wealth in terms of
intellectual property in history," Alperovitch said. "The scale
at which this is occurring is really, really frightening."
"Companies and government agencies are getting raped and
pillaged every day. They are losing economic advantage and
national secrets to unscrupulous competitors," he said.
Q. How did McAfee learn of these attacks?
A. While investigating some attacks against defense
contractors, McAfee researchers found a "command and control"
server in 2009 used to manage the campaign. In March of this
year, they returned to that computer and found logs that
revealed all of the attacks.
McAfee is typically unable to discuss its investigations
because of non-disclosure agreements. The company was able to
discuss Operation Shady RAT because it was not bound by any
confidentiality agreements in this case.
Q. What does the "RAT" in Operation Shady RAT stand for?
A. RAT stands for "remote access tool," a type of software
that hackers and security professionals often use to access
computer networks from afar.
(Editing by Tiffany Wu and Martin Howell)