The exploits of hacking groups such as Anonymous and LulzSec have in recent months brought into focus the often precarious nature of online security. Organisations and institutions that many people would have expected to be the last to fall in any cyber-attack – from NATO to the UK’s Serious Organised Crime Agency (SOCA) – were breached, infiltrated or otherwise hindered with apparent ease for those behind the attacks.
But while headlines have been skewed towards these newer groups over the past year, hacking is of course not a new phenomenon by any means, nor is it the exclusive domain of cabals such as Anonymous. As if to underline this point, evidence has been uncovered by security experts at McAfee, and detailed by Reuters, of a five-year campaign of cyber-attacks – which has been dubbed “Operation Shady RAT” (remote access tool) – on 72 organisations, including:
- The United Nations
- Governments, including those of the United States, Taiwan, India, South Korea, Vietnam and Canada
- Multinational organisations, such as the IOC (International Olympic Committee), World Anti-Doping Agency, ASEAN (Association of Southeast Asian Nations) and a range of companies including defence contractors and high-tech corporations
This was, according to McAfee, a persistent, well-organised and co-ordinated campaign to mine some of the world’s most privileged and secret data. Some of the attacks lasted under a month, with the longest – targeting the Olympic Committee of an unnamed Asian nation – continuing for well over two years. The hackers were able to infiltrate the United Nations Secretariat in 2008, and harvested classified intelligence and data from those systems for almost two years.
McAfee’s vice-president of threat research, Dmitri Alperovitch, stated that “companies and government agencies are getting raped and pillaged every day, losing economic advantage and national secrets to unscrupulous competitors. This is the biggest transfer of wealth in terms of intellectual property in history; the scale at which this is occurring is really, really frightening.”
So who is responsible for Operation Shady RAT? McAfee believes that a single “state actor” was responsible for the attacks, but has so far not publicly named it, perhaps to avoid prejudicing the multinational criminal investigations now under way by law enforcement agencies around the world.
Jim Lewis, of the Centre for Strategic and International Studies, who was briefed on Shady RAT by McAfee, believes that China is the likeliest culprit. “Everything points to China,” he said. “It could be the Russians, but there is more that points to China than Russia.”