McAfee's Rivals Scoff at Shady RAT Report

  @ibtimes on August 05 2011 4:41 PM

There's nothing "shady" or complex about Shady RAT according to McAfee's security software rivals.

Earlier this week, the Intel-owned McAfee revealed a widespread hack on several government institutions across the world, which it named Operation Shady RAT. In a blog post, McAfee's Vice President of Threat Research Dmitri Alperovitch revealed details of a five-year effort in which hackers infiltrated the data servers of several prominent government organizations.

The victims of this effort included the United Nations, with six attacks on the U.S. federal government, five on U.S. state governments and three on U.S. county governments. There were other government-based victims in South Korea, Vietnam, Canada and Taiwan. There were 49 attacks on the U.S. and 72 overall. Also targeted were the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC).

The news of Shady RAT caused an uproar within the media and security community, specifically Alperovitch's notion that a state actor was behind the attacks. Many have suspected China as the guilty party, which the country has denied vehemently.

Symantec, one of McAfee's rivals in the security software world, dismissed Shady RAT as nothing more than a common attack from a hacking network. In a blog post, Symantec's Hon Lau said the attack was not what he'd call an "advanced persistent threat," as McAfee called it.

"Going back to my earlier question, is the attack described in Operation Shady RAT a truly advanced persistent threat? I would contend that it isn't, especially when you consider the errors made in configuring the servers and the relatively non-sophisticated malware and techniques used in this case. Sure the people behind it are persistent but no more so than the myriad of other malware groups out there such as Zeus, Tidserv, and others like them," Lau said.

In the blog post, Lau dug deep into the attacks and revealed how they work end-to-end. He explained how hackers use emails with attachments that are laced with exploit code. These attachments, when opened, install a Trojan. The Trojan can access a remote site, through which the hacker can enter the servers and do some damage.

Graham Cluley, senior technology consultant at Sophos, published a blog post earlier this week that agreed with this sentiment. He said the news of a widespread hack attack on government agencies is nothing new.

"To be honest, there's nothing particularly surprising in McAfee's report to those of us who have an interest in computer security," said Cluley in a blog post. "For instance, we already all know that companies get targeted by hackers, who install malware to gain remote access to their computers and data. And we already all know that there are motivations for hacking which extend beyond purely financial (for instance, IP theft, economic, political, etc motivations)."

Another of McAfee's rivals in the security software space, Kaspersky, also dismissed the Shady RAT report. In a blog post, Alex Gostev, Chief Security Expert, said McAfee's description of it as the biggest in history is premature.

He said McAfee didn't reveal much. They discovered access logs of connections with a certain web server, which at some point had been used by hackers. These logs then indicated interaction between this server and computers of large organizations that were snooped on.

"Based only on this information, McAfee makes two interesting assumptions: first - that a series of attacks has taken place; second - that valuable data has been stolen. However, the report contains nothing on what particular data has been stolen or how many computers in each organization were hit by the attacks," Gostev said.

He said there is no evidence backing up the talk that has surrounded Shady RAT.

Follow Gabriel Perna on Twitter at @GabrielSPerna
