Cyber spying report smells a Rat

Published Aug 6, 2011

San Francisco - As the chief investigator for cyber threats at one of the world's largest online security firms, Dmitri Alperovitch is a battle-hardened veteran of the digital security wars.

But even he was shocked at the level of penetration achieved in a cyber-spying campaign, unveiled on Wednesday in a report by McAfee.

The report, “Revealed: Operation Shady Rat,” said that 72 government bodies, international organisations and prominent defence companies were infiltrated in a massive hacking operation that has existed for at least five years.

“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth,” said Alperovitch, McAfee vice president of threat research, in the 14-page report.

“Closely guarded national secrets, source code, bug databases, e-mail archives, negotiation plans - and much more has fallen off the truck of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.”

“After painstaking research - even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators,” Alperovitch continued.

The report declined to name the companies that had been victimised by the attacks, which were so sophisticated and coordinated that they could only have been committed by a “state actor,” the report claimed, with suspicion immediately falling on China. McAfee said that its analysis traced the attacks to at least 2006, but that they could have started well before.

Among the targets that were identified were the International Olympic Committee, the United Nations, the Association of South-East Asian Nations (ASEAN) and the World Anti-Doping Agency.

The main target of the attacks was the United States, where 49 of the 72 targets were based. Four of the targets were in Canada, and three each in South Korea and Taiwan. Other companies or organisations were in Japan, Switzerland, Britain, Indonesia, Vietnam, Denmark, Singapore, Hong Kong, Germany and India.

In New York, the UN said it was investigating the report, and that it was too early to confirm the alleged intrusion.

Government agencies were the most highly targeted category, comprising 22 of the 72 targets.

Thirteen targets were in the defence industry, while a similar number were in the information technology, news and communications sectors, the report said.

The attackers gained access to the closely guarded cyber secrets using a technique known as “spear-phishing”, in which they target a person who holds high security clearances with a virus-laden email. Once opened, the email grants the attackers access to the individual's computer, from which they spread across the organisation's network and steal sensitive data.

While most of the targeted organisations have long since closed the vulnerabilities found in the report, Alperovitch stressed that the report focused on a specific operation conducted by a single group, and that many other targeted intrusions were being committed every day.

“This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organisations that are exempt from this threat are those that don't have anything valuable or interesting worth stealing,” Alperovitch said.

“In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they've been compromised, and those that don't yet know.” - Sapa-dpa
