Report identifies widespread cyber-spying (by China)

Report identifies widespread cyber-spying

Washington Post - Published: August 2

A leading computer security firm has used logs produced by a single server to trace the hacking of more than 70 corporations and government organizations over many months, and experts familiar with the analysis say the snooping probably originated in China.

Among the targets were the Hong Kong and New York offices of the Associated Press, where unsuspecting reporters working on China issues clicked on infected links in e-mail, the experts said.

Other targets included the networks of the International Olympic Committee, the United Nations secretariat, a U.S. Energy Department lab, and a dozen U.S. defense firms, according to a report to be released Wednesday by McAfee, a security firm that monitors network intrusions around the world.

McAfee said hundreds of other servers have been used by the same adversary, which the company did not identify.

But James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said “the most likely candidate is China.” The target list’s emphasis on Taiwan and on Olympic organizations in the run-up to the Beijing Games in 2008 “points to China” as the perpetrator, he said. “This isn’t the first we’ve seen. This has been going on from China since at least 1998.”

Another computer expert with knowledge of the study, who spoke on the condition of anonymity out of reluctance to blame China publicly, said the intrusions appear to have originated in China.

The intruders were after data on sensitive U.S. military systems, as well as material from satellite communications, electronics, natural gas companies and even bid data from a Florida real estate company, McAfee said. Forty-nine of the 72 compromised organizations were in the United States.

“We’re facing a massive transfer of wealth in the form of intellectual property that is unprecedented in history,” said Dmitri Alperovitch, McAfee’s vice president of threat research. He would not name the private entities targeted, but said McAfee helped half a dozen of them investigate intrusions.

Some of the intrusions — such as one into the World Anti-Doping Agency in Montreal — are continuing, he said. Spokesmen for that organization and for the International Olympic Committee said they were not aware of the intrusions. A U.N. spokesman said technicians analyzing the logs have not seen evidence of stolen data. The Energy Department had no comment.

According to the report, which does not identify the AP by name, the organization’s New York office was targeted in August 2009 in an intrusion that lasted, on and off, for eight months. Its Hong Kong bureau was penetrated at the same time, in an intrusion that continued for 21 months.

AP spokesman Jack Stokes said the company was aware of the report. “We do not comment on network security,” he said.

Full story here:

http://www.washingtonpost.com/natio...cyber-spying/2011/07/29/gIQAoTUmqI_story.html

 

McAfee uncovers massive global cyber snoop


China masterminded 'Operation Shady RAT' targeting over 70 organisations, governments, say analysts

Computer security company McAfee has said that it has discovered a massive global cyber spying operation targeting several US government departments, the UN and other governments across the world for five years or more.

Analysts say it is likely that China is behind the cyber espionage dubbed 'Operation Shady RAT' by McAfee. RAT stands for "remote access tool".

The Guardian reported that security experts at McAfee had discovered a "command and control" server in 2009 that was used to control the operation. On revisiting the server this March, experts found logs which revealed all of the attacks.

Victims of snooping campaign include: governments of Canada, India, South Korea, Taiwan, the US and Vietnam; international bodies such as the UN, the Association of Southeast Asian Nations (ASEAN), the International Olympic Committee, the World Anti-Doping Agency; 12 US defense contractors, one UK defense contractor; and companies in construction, energy, steel, solar power, technology, satellite communications, accounting and media, said an AFP report.

McAfee said there is evidence that security breaches date back to mid-2006.

McAfee vice-president of Threat Research Dmitri Alperovitch said the attacker was looking for information in military, diplomatic and economic domains.

"If you look at an industry and think about what is most valuable in terms of intellectual property, that is what they were going after," Alperovitch said.

He said that the loss represents a massive economic threat.

"This is the biggest transfer of wealth in terms of intellectual property in history," Alperovitch said.

"The scale at which this is occurring is really, really frightening."

"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," he said.

Alperovitch said a nation state was behind the operation. Experts have blamed China for the snooping, though they say that it could be the work of Russia as well.



http://security.cbronline.com/news/mcafee-uncovers-massive-global-cyber-snoop-030811

 

From a related article here:

-http://www.vancouversun.com/news/Massive+cyber+attack+Canadian+government+companies/5199110/story.html

Nothing special at all about these infections; just more of the same social engineering at work here to fool the click-happy, easy prey.

 

The only thing shocking and frightening is these people opening links in their emails. Everything else is business as usual in the intelligence/espionage world.

 

Posted by SG.

Interesting as i've also seen attempted attacks from that IP in the past = PSINet, Inc

*

So images still capable of being used in malware

I've stop being amazed at just how MANY companies/organisations/gov etc etc get intruded into. What kind of IT people do they employ ?