Cybercrime Targets Revealed

Analysts suggest a wide-scale hacking operation may have originated in China.

2011.08.03
A man surfs the Internet in Beijing, June 15, 2009. (AFP)

A top security company said Wednesday that hackers compromised computer security at more than 70 global organizations, including the U.N. and U.S. government bodies, as suspicion fell on China over the massive cyber-espionage offensive.

In a report titled "Operation Shady RAT," McAfee said it had managed to gain access to the logs of a single server that had penetrated cyber security at so many organizations that the problem of cyber spying was probably even more widespread than its evidence suggested.

"This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing," McAfee vice president of threat research Dmitri Alperovitch wrote in the report.

McAfee did not identify any country behind the hacking campaign, which it traced back as far as five years ago, but computer security analysts pointed the finger at China.

James Lewis, a cyber-security expert at the Center for Strategic and International Studies, said that the evidence may not be "conclusive in a legal sense," but suspicion points towards China.

"You can think of at least three other large programs attributed to China that look very similar," Lewis told Agence France-Presse. "It's a pattern of activity that we've seen before. It's in line with other activities."

Lewis, who was briefed on the report ahead of its release, said, "what's unusual is the amount of detail McAfee was able to acquire."

Alperovitch said that the logs accessed by McAfee had shown a huge spike in the pace of spying activity in 2007, when it "jumped by a whopping 260 percent to a total of 29 victim organizations."

"That year we began to see new compromises of no fewer than four U.S. defense contractors, Vietnam’s government-owned technology company, a U.S. federal government agency, several U.S. state and county governments, and one computer network security company," Alperovitch wrote in his report.

Two Asian Olympic Committees and one Western Olympic Committee were compromised during that year, rising to 36 victims in 2008, the year that Beijing hosted the Olympic Games.

"Even news media [were] not immune to the targeting, with one major U.S. news organization compromised at its New York Headquarters and Hong Kong Bureau for more than 21 months," the McAfee report said.

China Link

Speculation that China was behind the massive cyber-espionage activity stemmed from the possible link to the Olympics, the targeting of a Hong Kong-based reporting bureau, and previous accusations by Google, which said its systems were hacked and targeted by various attacks originating in China.

The Washington Post quoted security experts as saying that China was the most likely culprit because the intruders' targets listed by McAfee put emphasis on organizations linked to Taiwan and the International Olympic Committee (IOC) in the months leading up to the 2008 Beijing games.

Earlier this year, Internet giant Google accused the Chinese government of disrupting its e-mail services inside China over a number of months, as netizens complained of inaccessible accounts and attempts to steal their passwords.

Google said in January 2010 that it had been the target of cyber-attacks that originated in China, with the Gmail accounts of rights activists affected.

The company later redirected China search-engine traffic to Hong Kong and scaled down its presence in China.

McAfee said in February that hackers working from China had targeted the computers of oil and gas companies in the U.S., Greece, Taiwan, and Kazakhstan.

The “coordinated, covert, and targeted” attacks began in November 2009, and the hackers had succeeded in stealing sensitive information, it said.

The Chinese government has denied any involvement in hacker activities, saying it is opposed to them, but Internet security experts say China is a leading center for Internet crime, including industrial spying aimed at major companies.

Although McAfee on Wednesday did not name any nation state as the perpetrator, it did say that the Olympics-linked hacking activity was unlikely to be economically motivated and would likely have yielded information of political value.

"Our economy is owned—everyone is compromised," Alperovitch tweeted on Wednesday, as his report was released online.

McAfee was able to confirm the identities of 72 victims from the single server it accessed, but said that many more victims were in the logs, with less information confirming their identities.

The report said it had identified computer networks of the United Nations secretariat, a U.S. Energy Department lab, and some dozen U.S. defense firms among those organizations with severely compromised security.

Forty-nine of the identified victims were in the United States, the report said.

The hackers had at times looked for sensitive data on U.S. military systems and satellite communications.

In a process known as spear-phishing, the hackers sent emails tainted with malicious software to specific people at the targeted organizations.

If the recipient clicked on an infected link, this would allow intruders to jump onto the machine and use it to infiltrate the computer network.

Reported by Luisetta Mudie.
