August 04, 2011, 12:16 PM — There were no big surprises in the reaction of the countries or organizations named as targets of a series of persistent, aggressive, often successful online attacks during the past five years – a campaign described in detail by a report from security vendor McAfee, which became public yesterday.
Most of the victims – 49 U.S.-based corporations and a series of U.S. government agencies as well as companies and government sites in 13 other countries – were well aware of the attack, and more aware of their source than the unnamed "state actor" McAfee admitted to in the report.
“All the signs point to China,” Vanity Fair quotes James A. Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies as saying.
A U.S. Air Force spokesperson said only that the Department of Defense "reported to Congress in 2010 that China is actively pursuing cyber capabilities with a focus on the exfiltration of information, some of which could be of strategic or military utility," according to a story in Reuters.
Which is pretty much what everyone else has been saying for about the same five years or so, during which large-scale data breaches, successful spear-phishing campaigns and long-term, large-scale penetration attempts have been reported against many U.S. military and government facilities.
Other countries are in even worse shape:
"I'm not surprised because that's what China does, they are gradually dominating the cyberworld," according to India-based IT analyst Vijay Mukhi, who talked to Reuters about the vulnerability of South Asian governments. "I would call it child's play (for a hacker to get access to Indian government data) ... I would say we're in the stone age."
No one is really doing much about either defense or prevention, though.