The world's most extensive case of cyber-espionage, including attacks on U.S. government and U.N. computers, is set to be revealed Wednesday by online security firm McAfee, and analysts are speculating that China is behind the attacks.
McAfee dubbed the spying "Operation Shady RAT" (RAT stands for "remote access tool"), and it led to a massive loss of information that poses a huge economic threat, wrote vice president of threat research Dmitri Alperovitch.
"What is happening to all this data -- by now reaching petabytes as a whole -- is still largely an open question," Alperovitch wrote on a blog detailing the threat. "However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat."
Analysts told The Washington Post that the finger of blame for the infiltration of the 72 networks -- 49 of them in the U.S. -- points firmly in the direction of China.
California-based McAfee would only say it believed there was one "state actor" behind the attacks, but the security firm declined to name it or many of the victims.
Targets for the intrusions -- identified from logs tracked to a single server -- included computer networks of the United Nations secretariat, a U.S. Energy Department lab, some dozen U.S. defense firms and a U.K. defense contractor.
McAfee researchers discovered a “command and control” server in 2009 while investigating some attacks against defense contractors, Reuters reported. In March of this year, they returned to that computer and found logs revealing all of the attacks, the agency said.
While McAfee investigators can only guess what exactly was stolen, McAfee vice president of threat research Dmitri Alperovitch said the attacker looked for data that would give it military, diplomatic and economic advantage, Reuters reported.
McAfee found evidence of security breaches as far back as mid-2006, but said that it’s possible the hacking began before that, Reuters reported. Some attacks lasted just a month, while others lasted for more than two years.
The attacks were carried out by sending spear-phishing emails, which are tainted with malicious software, to specific people at the targeted organizations. When people clicked on an infected link, the intruder was able to jump on to the machine and use it to infiltrate the organization's computer network, Reuters said.
The governments of Canada, India, South Korea, Taiwan and Vietnam were also hit, as were the Association of Southeast Asian Nations, the International Olympic Committee, and the World Anti-Doping Agency, Reuters reported.
The hackers sought out sensitive data on U.S. military systems and satellite communications, with the snooping apparently going on for several years.
Companies in construction, steel, energy, solar power, technology, accounting and media were targeted.
The intrusion into the U.N. computer system in Geneva in 2008 went unnoticed for nearly two years, while the hackers quietly combed through files of secret data, according to McAfee.
Many of the attacks targeted organizations linked to Taiwan and the IOC in the months leading up to the 2008 Beijing games, which pointed analysts toward China.
"This is the biggest transfer of wealth in terms of intellectual property in history," Alperovitch told Reuters. "The scale at which this is occurring is really, really frightening."