McAfee report shows 14 countries under attack in 5-year cyberwar

McAfee refuses to accuse perpetrator; most experts blame China

It's a darn good thing the U.S. Department of Defense is launching a whole new cyberdefense strategy, as unveiled by Deputy Secretary of Defense William Lynn three weeks ago.

Otherwise we might have to worry about the report McAfee released today at the Black Hat security conference showing we are in at least the fifth year of a major global cyberwar made up of long-term attacks on more than 70 targets in 14 countries, most of which come from military outposts in China.

McAfee officials will talk about details of the report later today, but the company gave part of its results early to Vanity Fair.

Though the activity and coverage of hacktivist groups like Anonymous and LulzSec have been heavy, especially during the past few months, coverage of those attacks is "really hard to watch because most of what they do, defacing Web sites and running denial-of-service attacks, is not serious. It's just nuisance," VF quoted McAfee VP Dmitri Alperovitch as saying.

The new report covers a campaign Alperovitch calls Operation Shady RAT – an only partially coordinated, long-term series of attacks on servers from many countries designed to steal government secrets about weapons and foreign policy plans, weapon schematics and commercial intelligence including legal contracts and negotiation plans.

The targets were more than 70 public- and private-sector organizations in 14 countries, ranging from major governments (like the U.S.) to tiny non-profit organizations.

Countries or organizations hit regularly include:

  • Taiwan
  • South Korea
  • Vietnam
  • Canada
  • Olympic committees in three countries
  • International Olympic Committee
  • Japan
  • Switzerland
  • United Kingdom
  • Indonesia
  • Denmark
  • Singapore
  • Hong Kong
  • Germany
  • India

Most of the victims – 49 – were U.S.-based companies.

McAfee didn't point a finger at any particular culprit; it found and hacked the command-and-control server for the malware doing most of the damage, extracting IP addresses that identified the victims, but not the perpetrators.

Much of the circumstantial evidence points at China, especially because of the list of victims and timing for when they were hacked.

“All the signs point to China,” Vanity Fair quotes James A. Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, as saying. “Who else spies on Taiwan?”

Alperovitch made it clear the hacks are methodical, connected, purposeful and potentially very costly to the nations involved and the people who live and work in them:

“It’s clear from this and other attacks we’ve been witnessing that there is an unprecedented transfer of wealth in the form of trade secrets and I.P., primarily from Western organizations and companies, falling off the truck and disappearing into massive electronic archives. What is happening to this data? Is this being accumulated in a giant, Indiana Jones–type warehouse? Or is it being used to create new products? If it’s the latter, we won’t know for a number of years. But if so, it’s not just a problem for these companies, but also for the governments of the countries where these companies are located, because they’re losing their economic advantage to competitors in other parts of the world overnight. That is a national-security problem, insofar as it leads to loss of jobs and lost economic growth. That’s a serious threat.”

– Dmitri Alperovitch, McAfee vice president, in Vanity Fair
