Connect to share and comment
Hackers who mounted a huge cyber attack, infiltrating U.S. defense firms, the United Nations, the World Anti-Doping Agency, the IOC, and U.S. state and local governments, were likely Chinese, and possibly the state itself, security experts say.
Hackers who mounted a massive series of cyber attacks, infiltrating U.S. defense firms, the United Nations, the World Anti-Doping Agency, the International Olympic Committee (IOC), and numerous U.S. state and local governments, were likely Chinese, and possibly the state itself, security experts say.
A top cyber security firm, McAfee, released a report indicating that "a nation state" had carried out the cyber attacks, and that 49 of the 72 targets were in the U.S., while Taiwan was also badly hit.
Details of the report were first published on the website of Vanity Fair.
More from GlobalPost: Photos of the victims.
"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," Dmitri Alperovitch, McAfee's vice president of threat research, wrote in the report.
While the firm did not specify China, outside experts told The Washington Post that the attacks appear to have emanated from China, which has a history of engaging in cyber warfare.
Earlier this year, Google accused China of hacking into its networks and stealing source code — a watershed moment, according to the paper in that "a major U.S. company volunteered that it had been hacked, while saying that more than 20 other large companies had been similarly targeted.
According to the New York Times, however, the 14-page McAfee report "offers little detail about the cases, what kinds of documents were stolen or what kind of evidence was found to determine the perpetrator was a government body."
Although the IOC is among the few targets McAfee names, a spokesman for the committee told the Times: "We are unaware of the alleged attempt to compromise our information security claimed by McAfee. If true, such allegations would of course be disturbing."
On the source of the hackings, the Washington Post writes that:
James A. Lewis, a cyber security expert at the Center for Strategic and International Studies, said "the most likely candidate is China."
The target list’s emphasis on Taiwan and on Olympic organizations in the run-up to the Beijing Games in 2008 "points to China" as the perpetrator, he said. "This isn’t the first we’ve seen. This has been going on from China since at least 1998."
McAfee said that the stolen data could be used to improve existing products or help beat a competitor, representing a major economic threat.
Alperovitch wrote in the report:
"What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth.
"What is happening to all this data — by now reaching petabytes as a whole — is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation [due to having stolen the other team’s playbook], the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world, not to mention the national security impact of the loss of sensitive intelligence or defense information."
McAfee's chief European technology officer, Raj Samani, told the BBC that:
"From the logs we were able to see where the traffic flow was coming from. In some cases, we were permitted to delve a bit deeper and see what, if anything, had been taken, and in many cases we found evidence that intellectual property had been stolen.
He said each hack was a "spear-phish attack, as opposed to a trawl, where they were targeting specific individuals within an organization," and that attacks were still going on.
"An email would be sent to an individual with the right level of access within the system; attached to the message was a piece of malware which would then execute and open a channel to a remote website giving them access.
"Once they had access to an organization, they either did what we would call a 'smash-and-grab' operation, where they would try and grab as much information before they got caught, or they sometimes embedded themselves in the network and [tried to] spread across different systems within an organization."