On August 3rd, Reuters reported that McAfee was set to reveal that the company has uncovered an extensive, far-reaching case of espionage. When the report came, foreign states were implicated in general, but China was not specifically blamed.
Dmitri Alperovitch, McAfee’s vice president of threat research, told Reuters that “Operation Shady RAT” – the name given to the massive loss of information caused by the recent intrusions – poses a significant threat to the United States. He wrote the following in a blog post on the threat:
“What is happening to all this data — by now reaching petabytes as a whole — is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat.”
According to The Washington Post, many analysts are blaming China for hacking up to 72 networks across the world, including 49 intrusions in the U.S. alone.
Threat Type is Not New
Oddly enough, what most media outlets leave out is the rest of the story: most security experts do not see this as a significant “new” threat, only a change in where the particular threat is coming from. Yet that is not stopping major news networks and government officials from claiming that this is a sign of a massive increase in international cyber-terrorism.
The truth is that the threat has been around as far back as 2006.
While Dmitri did blog that such intrusions represent a significant economic threat to Western companies, what many media outlets leave out is that he also explained how these types of intrusions are nothing new. He wrote:
“Lately, with the rash of revelations about attacks on organizations such as RSA, Lockheed Martin, Sony, PBS, and others, I have been asked by surprised reporters and customers whether the rate of intrusions is increasing and if it is a new phenomenon. I find the question ironic because these types of exploitations have occurred relentlessly for at least a half decade, and the majority of the recent disclosures in the last six months have, in fact, been a result of relatively unsophisticated and opportunistic exploitations for the sake of notoriety by loosely organized political hacktivist groups such as Anonymous and Lulzsec.”
This is quite a different statement from the one people are getting from the major media, which persistently try to paint the picture that a massive wave of attacks is suddenly coming from China.
While we at TopSecretWriters constantly monitor events in China for signs of government espionage efforts as well as social upheaval, there has been little to warrant the blame so far aimed at China for the recent hacking attempts, and those who make such claims rarely offer solid evidence.
Threat Goes Back to at Least 2006
However, that doesn’t mean the threat isn’t there, or that such hacking attempts do not take place. Dmitri was careful not to point at a particular country, and instead referred to the perpetrators as “the adversary.”
“…we are focused on are much more insidious and occur largely without public disclosures. They present a far greater threat to companies and governments, as the adversary is tenaciously persistent in achieving their objectives. The key to these intrusions is that the adversary is motivated by a massive hunger for secrets and intellectual property; this is different from the immediate financial gratification that drives much of cybercrime, another serious but more manageable threat.”
The particular attack called “Operation Shady RAT,” which affected networks including the United Nations, the U.S. Energy Department and U.S. and U.K. defense contractors, was one in which a “command and control” server was running at one particular victim’s facility. McAfee researchers reviewed the logs on that server and discovered the extent of the damage.
The security breaches were traced all the way back to 2006 and many lasted for up to two years.
Attacks Involve Phishing Emails
However, again, news reports that this is a new threat or that it represents a major new international espionage attack are misleading, as Dmitri pointed out later in the McAfee blog:
“This is not a new attack, and the vast majority of the victims have long since remediated these specific infections (although whether most realized the seriousness of the intrusion or simply cleaned up the infected machine without further analysis into the data loss is an open question). McAfee has detected the malware variants and other relevant indicators for years with Generic Downloader.x and Generic BackDoor.t heuristic signatures.”
The sad truth about these security attacks is that they are very preventable through user education. People need to understand that email links can never be trusted. These particular exploits began with a campaign in which select individuals with a specific access level at the company were targeted with a “phishing” email.
The simple goal of that email was to get the user to click on a link or attachment that would download the necessary malware. Once the machine was infected, the malware opened a backdoor so that the command and control server could communicate with the victim’s computer and transfer data to and from it.
Had the user been security savvy enough, they never would have clicked on anything within the email message, and the intrusion would not have occurred.
Creating a defense against such a threat involves individuals, entire corporations and government agencies training all workers to quickly and easily identify phishing emails. For that reason, defending against the threat doesn’t require massive investment in cybersecurity; it simply requires all computer users across the world to become less naive about email communications.
Again, this threat is nothing new. It has been used for many years by unscrupulous criminals to steal financial information and to conduct identity theft against victims.
The fact that governments throughout the world would use the same sort of tactics to obtain corporate and military secrets should be little surprise. And the fact that defense against it is as simple as not clicking a link in an email should outline a clear path to securing national military and industrial secrets.

Originally published on TopSecretWriters.com