McAfee Report Outlines Global Cyber Spying Operation
More than 70 companies, governments and non-profit organizations around the world were attacked by hackers in a massive cyberspying operation that experts say was likely conducted by China.
In a report released Wednesday, the security firm McAfee said the five-year mission included a wide range of victims, including the United Nations, the International Olympic Committee, a Department of Energy Research Laboratory and nearly two dozen defense contractors. The victims were spread across more than a dozen countries, though 49 of the 72 identified targets were located in the United States.
The data stolen included closely-guarded national secrets, source code, email archives, negotiation plans and exploration details for new oil and gas field auctions, the report said.
Dmitri Alperovitch, McAfee's vice president of threat research, said it was unclear what the data was being used for, but if even a small amount was used to compete against other companies, "the loss represents a massive economic threat not just to individual companies and industries, but to entire countries that face the prospect of decreased economic growth."
The report comes in the wake of a string of high-profile cyber-attacks against corporations and government agencies, including Sony, Lockheed Martin and the Central Intelligence Agency. Last month, the Defense Department said foreign hackers infiltrated the network of a defense contractor in March, stealing 24,000 military files in one of the most devastating data breaches suffered by the Pentagon to date.
Alperovitch said the report's findings represent a different motivation than the immediate financial gratification sought by many online criminals.
"The adversary is motivated by a massive hunger for secrets and intellectual property," he said. "What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth."
Alperovitch said the attacks were not new and that most victims had fixed the computer viruses that caused them. He said McAfee gained access to a server used by the intruders and collected logs dating back to 2006.
Alperovitch said the attacks were launched by common hacking methods like "spear phishing," in which hackers gain access to networks by sending targeted emails to employees who open virus-laden attachments.
The report found the cyber-attacks also focused on political nonprofit groups, including an unidentified western organization focused on promoting democracy. For nearly two years, the hackers also targeted one major U.S. news organization at its New York and Hong Kong bureaus. The report did not name the news outlet, though the Washington Post cited experts who said it was the Associated Press.
The security firm did not identify who was behind the cyber-attacks, though it said a foreign government may have been behind them because there was likely no commercial benefit from intrusions into groups such as the International Olympic Committee.
However, James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said the culprit was likely China. He said only five or six countries have the capabilities to wage a cyberspying mission of this scale, but the list of targets reflects the interest of China more than any other country.
"The evidence does point to China," he said. "Who else is going to spy on Taiwan?"
It is not the first time that hacking victims have pointed the finger at China. Last year, Google announced that Chinese hackers had stolen the company's source code. Then earlier this year, Google claimed that hackers based in China tried to break into Gmail accounts of U.S. government officials, Chinese activists and foreign journalists.
Lewis said China is focused on gaining intellectual property through hacking to give their companies a competitive advantage. He also said they get blamed often for hacking because they do not cover their tracks well.
"The Chinese get a lot of heat because we're afraid of them and they're the least skillful," Lewis said. "We catch them more often because they're not as good."
At a press conference in June, Chinese Foreign Ministry Spokesperson Hong Lei said the Chinese government "staunchly opposes" computer hacking.
"Hacker attack is an international issue, to which China also falls victim," he said.
In Wednesday's report, the security firm nicknamed the cyber-attacks "Operation Shady RAT" after a common industry acronym for a remote access tool, which allows users to access computer networks remotely.
"This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries," Alperovitch said. "The only organizations that are exempt from this threat are those that don't have anything valuable or interesting worth stealing."