[LINK] Spy and Counter-Spy

Roger Clarke Roger.Clarke at xamax.com.au
Thu Aug 4 07:33:52 AEST 2011 

The most interesting aspect of the McAfee promo below is this bit:
"McAfee learned of the extent of the hacking campaign in March this 
year, when its researchers discovered logs of the attacks while 
reviewing the contents of a "command and control" server that they 
had discovered in 2009 as part of an investigation into security 
breaches at defence companies."

So, let me see, the break-ins were discovered by means of ... a break-in.

('How *dare* they hack into my command-and-control server??').


Biggest-ever series of cyber attacks uncovered
ITnews
Jim Finkle
Aug 4, 2011 6:30 AM (57 minutes ago)
http://www.itnews.com.au/News/265782,biggest-ever-series-of-cyber-attacks-uncovered.aspx

Networks of 72 organisations infiltrated.

Security experts have discovered the biggest series of cyber attacks 
to date, involving the infiltration of the networks of 72 
organisations including the United Nations, governments and companies 
around the world.

Security company McAfee, which uncovered the intrusions, said it 
believed there was one "state actor" behind the attacks but declined 
to name it, though one security expert who has been briefed on the 
hacking said the evidence points to China.

The long list of victims in the five-year campaign include the 
governments of the United States, Taiwan, India, South Korea, Vietnam 
and Canada; the Association of Southeast Asian Nations (ASEAN); the 
International Olympic Committee (IOC); the World Anti-Doping Agency; 
and an array of companies, from defence contractors to high-tech 
enterprises.

In the case of the United Nations, the hackers broke into the 
computer system of its secretariat in Geneva in 2008, hid there for 
nearly two years, and quietly combed through reams of secret data, 
according to McAfee.

"Even we were surprised by the enormous diversity of the victim 
organizations and were taken aback by the audacity of the 
perpetrators," McAfee's vice president of threat research, Dmitri 
Alperovitch, wrote in a 14-page report released on Wednesday.

"What is happening to all this data ... is still largely an open question.

However, if even a fraction of it is used to build better competing 
products or beat a competitor at a key negotiation (due to having 
stolen the other team's playbook), the loss represents a massive 
economic threat."

McAfee learned of the extent of the hacking campaign in March this 
year, when its researchers discovered logs of the attacks while 
reviewing the contents of a "command and control" server that they 
had discovered in 2009 as part of an investigation into security 
breaches at defence companies.

It dubbed the attacks "Operation Shady RAT" and said the earliest 
breaches date back to mid-2006, though there might have been other 
intrusions.

RAT stands for "remote access tool," a type of software that hackers 
and security experts use to access computer networks from afar.

Some of the attacks lasted just a month, but the longest -- on the 
Olympic Committee of an unidentified Asian nation -- went on and off 
for 28 months, according to McAfee.

"Companies and government agencies are getting raped and pillaged 
every day. They are losing economic advantage and national secrets to 
unscrupulous competitors," Alperovitch told Reuters.

"This is the biggest transfer of wealth in terms of intellectual 
property in history," he said. "The scale at which this is occurring 
is really, really frightening."

...


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list