The worst online attack in history is being uncovered, and what we are learning is startling. In all, there is evidence of 72 networks being infiltrated, including the United Nations, 14 governments and major defense contractors.
It’s being dubbed Operation Cyber Rat. And the attacker looks like China.
It makes Anonymous and LulzSec look like child’s play, says a researcher from McAfee, which discovered the attacks. McAfee is releasing a report about Operation Cyber Rat to coincide with Black Hat, the annual conference for hackers and security experts that starts Wednesday in Las Vegas.
Vanity Fair broke the story about the attacks and provides some detail into the extent of the intrusions:
- Lifted from dozens of secured servers were countless government secrets, e-mail archives, legal contracts, and design schematics.
- Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India were among those infiltrated. Most victims were from the United States. They include 49 U.S.-based companies, government agencies, and nonprofits. The category most heavily targeted was defense contractors—13 in all.
- The International Olympic Committee (IOC) and the Associated Press were also among the victims.
The attack was first discovered by Dmitri Alperovitch, vice president of threat research at McAfee.
Alperovitch first picked up the trail of Shady rat in early 2009, when a McAfee client, a U.S. defense contractor, identified suspicious programs running on its network. Forensic investigation revealed that the defense contractor had been hit by a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or rat—onto the victim’s computer. The rat opened the door for a live intruder to get on the network, escalate user privileges, and begin exfiltrating data. After identifying the command-and-control server, located in a Western country, that operated this piece of malware, McAfee blocked its own clients from connecting to that server. Only this March, however, did Alperovitch finally discover the logs stored on the attackers’ servers. This allowed McAfee to identify the victims by name (using their Internet Protocol [I.P.] addresses) and to track the pattern of infections in detail.
What is it about our infrastructure that allows such attacks to occur? Government and corporate infrastructures are often outdated, relying on security software that has to be installed on any number of servers, continually patched, and extended to an ever-growing number of endpoints.
In the meantime, the attackers are using the most modern information systems to launch their criminal activities. And they prey on our greatest vulnerability: people's curiosity and carelessness about the hyperlinks they click.
This is where the services world needs to step up. It’s not the cloud that’s the big danger. It’s antiquated, on-premises systems that have become unmanageable in the face of our new social world. We can go on about mobile devices and such, but the real story is about data. Who is going to watch the data? How is this done? How do you detect abnormalities? The infrastructure needs to be overhauled, but service providers need just as much to invest heavily in educating their customers. Otherwise, people will continue to fall into the same rut. Customers will further fortify themselves to the point where they are trapped and controlled by the rats running free across the network.