Friday, August 05, 2011

operation shady RAT

NYTimes | An American cybersecurity company issued a report on Wednesday saying that it had identified a single perpetrator of cyberattacks that lasted up to five years on a wide range of governments, American corporations and even United Nations groups, and that the pattern of targets suggested the attacker was a “state actor.”

However, as with a number of other alarming recent reports on computer spying, the study offered few details that would allow independent verification, and it was difficult to immediately assess the damage done. It did not identify the location of the attacking computer system, say what kinds of documents or information were stolen, or offer any direct evidence of a state’s involvement.

The company, McAfee, said it had identified 72 targets — 49 of them American, including 14 federal, state and county agencies and 11 defense contractors — and also informed law enforcement agencies, which it said were investigating.

The White House referred questions to the Department of Homeland Security. At a news conference on other matters, that department’s secretary, Janet Napolitano, said: “We became aware of the McAfee report, I think, today, which is when it was released to the press, as well. We obviously will evaluate it, look at it and pursue what needs to be pursued in terms of its contents.”

One of the few named organizations, the World Anti-Doping Agency, cast doubt on the report’s assertion that the agency had been subject to a 14-month attack that began in August 2009. In a statement, the director general, David Howman, acknowledged that the agency had experienced an e-mail breach in February 2008, but that “at this stage, W.A.D.A. has no evidence from its security experts of the intrusions as listed by McAfee and the agency has yet to be convinced that they took place.”

McAfee, which was recently acquired by Intel, said it released the report to coincide with the start on Wednesday of the annual Black Hat technical security conference in Las Vegas. Briefings were scheduled to be delivered at the conference. Details of the study were first published on the Web site of Vanity Fair.

Asked why McAfee decided not to identify most of the corporations that were targets in the attacks, the company said that the corporations were worried about being identified and alarming shareholders or customers.

Cybersecurity is now a major international concern, with hackers gaining access to sensitive corporate and military secrets, including intellectual property. The report comes after high-profile computer network attacks aimed at the International Monetary Fund, Sony and the Lockheed Martin Corporation, America’s largest military contractor.

Concern over attacks being carried out by nation-states is rising sharply, particularly after Google said last year that Chinese hackers stole some of the company’s source code. Many security experts say the Chinese government has built up a sophisticated cyberwarfare unit and that the government might be partnering with professional hackers. But the list of entities, government or private, suspected of hacking campaigns, is a long one.

2 comments:

Damian2K2 said...

Its good to see some balanced and level-headed opinion this story, as opposed to the alarmist headlines being generated like "biggest cyber attack in history" in most other mainstream media sites. FYI, another article here with a similar viewpoint: http://www.internetsecuritydb.com/2011/08/mcafee-operation-shady-rat-media-storm.html

CNu said...

I'd like to see the data that McAfee's pulling off those ePO servers  - and - I'd like to know what the underlying activity is that McAfee is claiming as intrusions. For all I know, a big chunk of this could be nothing more than conficker and other botnets overtopping Viruscan.

When Zakharova Talks Men Of Culture Listen...,

mid.ru  |   White House spokesman John Kirby’s statement, made in Washington shortly after the attack, raised eyebrows even at home, not ...