McAfee reports that large-scale cyber warfare operations against the U.S. and other global targets have been well underway for five years in an extensive campaign dubbed "Operation Shady Rat."
Just as the two big technical security conferences get underway in Las Vegas this week, security firm McAfee has released its report on "Operation Shady Rat," a cyber-espionage campaign carried out over five years against over 70 targets, including sensitive government, business, and private organization sites -- pretty much anyone with data worth stealing (see the chart below). According to Dmitri Alperovitch from the McAfee Labs blog:
Having investigated intrusions such as Operation Aurora and Night Dragon (systemic long-term compromise of Western oil and gas industry), as well as numerous others that have not been disclosed publicly, I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they've been compromised and those that don't yet know.
Target distribution (click to enlarge) Source: McAfee
Targets include U.S. federal and state government sites; the Canadian, South Korean, and Indian governments; the United Nations; and various communications, energy, business, and industry sites. McAfee is willing to say that it's a government-sponsored attack but declines to name a culprit, although the Washington Post is not so shy about singling out China as the most likely perpetrator: "Report on ‘Operation Shady RAT' identifies widespread cyber-spying."
But James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said "the most likely candidate is China." The target list's emphasis on Taiwan and on Olympic organizations in the run-up to the Beijing Games in 2008 "points to China" as the perpetrator, he said.
...Another computer expert with knowledge of the study, who spoke on the condition of anonymity out of reluctance to blame China publicly, said the intrusions appear to have originated in China.
If you would like to read the full report, you can download the PDF from McAfee.Additional reading: