Computer security company McAfee has said that it has discovered a massive global cyber spying operation targeting several US government departments, the UN and other governments across the world for five years or more.
Analysts say it is likely that China is behind the cyber espionage dubbed ‘Operation Shady RAT’ by McAfee. Vanity Fair, who originally broke the story, quotes James A. Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, as saying: "All the signs point to China. Who else spies on Taiwan?"
RAT stands for "remote access tool".
The Guardian reported that security experts at McAfee had discovered a "command and control" server in 2009 that was used to control the operation. On revisiting the server this March, experts found logs which revealed all of the attacks.
Victims of the snooping campaign include: governments of Canada, India, South Korea, Taiwan, the US and Vietnam; international bodies such as the UN, the Association of Southeast Asian Nations (ASEAN), the International Olympic Committee, the World Anti-Doping Agency; 12 US defense contractors, one UK defense contractor; and companies in construction, energy, steel, solar power, technology, satellite communications, accounting and media, said an AFP report.
McAfee said there is evidence that security breaches date back to mid-2006.
McAfee vice-president of Threat Research Dmitri Alperovitch said the attacker was looking for information in military, diplomatic and economic domains.
"If you look at an industry and think about what is most valuable in terms of intellectual property, that is what they were going after," Alperovitch said.
He said that the loss represents a massive economic threat. "This is the biggest transfer of wealth in terms of intellectual property in history," Alperovitch said. "The scale at which this is occurring is really, really frightening."
"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," he said.
Alperovitch said a nation state was behind the operation. Experts have blamed China for the snooping, though they say that it could be the work of Russia as well.
However, Graham Cluley of rival security firm Sophos said the industry should wait before proclaiming this the biggest cyber-attack of all time. "What the report doesn’t make clear is what information was stolen from the targeted organisations, and how many computers at each business were affected," he wrote on his blog.
"I can’t help but feel that we can’t call "Operation Shady RAT" (McAfee’s name, by the way) the biggest ever cyber-attack without having questions like those answered."
He also queried suggestions that China was behind the attacks. "The report (quite rightly, in my opinion) refuses to name who it believes is responsible for the hack. Nevertheless, the media have leapt to the conclusion, with a nudge and a wink, that it simply must be China, despite the lack of any evidence in the report that it is China."
"I don’t think we should be naive. I’m sure China does use the internet to spy on other countries. But I’m equally sure that just about every country around the world is using the internet to spy. Why wouldn’t they? It’s not very hard, and it’s certainly cost effective compared to other types of espionage," he said.
