McAfee has revealed a widespread hack on several government institutions across the world and has suggested another country may be behind it.
Operation Shady RAT, as McAfee is calling it, has been exposed as a five-year effort in which hackers infiltrated the data servers of several prominent government organizations. The victims include the United Nations, along with six attacks on the U.S. federal government, five on U.S. state governments and three on U.S. county governments. There were other government-based victims in South Korea, Vietnam, Canada and Taiwan.
There were 49 attacks on the U.S. and 72 overall. Also targeted were the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC). There was also an attack on the World Anti-Doping Agency in the lead-up to the 2008 Olympics.
According to Dmitri Alperovitch, McAfee's vice president of threat research, there is little profit to gain from these attacks. For this reason, he suspects a "state actor" was behind the attacks.
"The presence of political non-profits, such as a private western organization focused on promotion of democracy around the globe or U.S. national security think tank is also quite illuminating. Hacking the United Nations or the ASEAN (Association of Southeast Asian Nations) Secretariat is also not likely a motivation of a group interested only in economic gains," Alperovitch said in a blog post.
While McAfee didn't name its prime suspect, people in the media say the report makes it seem like China is the one to blame. In an interview with Vanity Fair, James A. Lewis, senior fellow at the Center for Strategic and International Studies, said all signs point to China.
"Who else spies on Taiwan?" Lewis is quoted as saying to Vanity Fair.
Analysts questioned by The Washington Post also said the evidence leads to China.
McAfee admitted that, while some attacks are normal, it was taken aback by the enormity of this one in particular. The attackers used spear-phishing emails to attack the government institutions. These kinds of emails come with malicious software; when links in these emails are clicked on, intruders can have their way with the organization's servers and commands.
"This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for," Alperovitch said.
According to Graham Cluley, senior technology consultant at Sophos, news of a widespread hacking campaign against government agencies is nothing new.
"To be honest, there's nothing particularly surprising in McAfee's report to those of us who have an interest in computer security," said Cluley in a blog post. "For instance, we already all know that companies get targeted by hackers, who install malware to gain remote access to their computers and data. And we already all know that there are motivations for hacking which extend beyond purely financial (for instance, IP theft, economic, political, etc motivations)."
Along with government institutions, McAfee reported that several Fortune 100 companies were targeted as well. The companies, Alperovitch says, were across a variety of sectors.