Has the United States already suffered its cyberwar Pearl Harbor?

Summary: McAfee claims to have uncovered a long-term cyber-espionage campaign against the U.S. and almost 80 other countries and major companies.


Cyber-warfare sounds like something from a science fiction novel. It's not. It's reality. Cyber-security firm McAfee claims to have uncovered a cyber-espionage campaign that's been going on for five years against more than 70 public and private organizations in 14 countries.

The campaign, called "Operation Shady RAT" (remote access tool), was described by Dmitri Alperovitch, McAfee's VP of threat research, in a recent blog post: Revealed: Operation Shady RAT. According to Alperovitch, these attacks are major assaults against both countries and corporations.

He writes, "Having investigated intrusions such as Operation Aurora [China's attack on Google] and Night Dragon (systemic long-term compromise of Western oil and gas industry), as well as numerous others that have not been disclosed publicly, I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they've been compromised and those that don't yet know."

Alperovitch also declares that these government-sponsored attacks are on an entirely different scale from the kiddie attacks made by such groups as Anonymous and Lulzsec. The McAfee executive wrote, "The targeted compromises--known as 'Advanced Persistent Threats (APTs)' … we are focused on are much more insidious and occur largely without public disclosures. They present a far greater threat to companies and governments, as the adversary is tenaciously persistent in achieving their objectives. The key to these intrusions is that the adversary is motivated by a massive hunger for secrets and intellectual property; this is different from the immediate financial gratification that drives much of cybercrime, another serious but more manageable threat."

Furthermore, "What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth - closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA [supervisory control and data acquisition] configurations, design schematics and much more has 'fallen off the truck' of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries."

McAfee claims to have uncovered this by gaining "access to one specific Command & Control server used by the intruders. We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began."

The actual attack method is familiar to anyone in computer security. "The compromises themselves were standard procedure for these types of targeted intrusions: a spear-phishing email containing an exploit is sent to an individual with the right level of access at the company, and the exploit when opened on an unpatched system will trigger a download of the implant malware. That malware will execute and initiate a backdoor communication channel to the Command & Control web server and interpret the instructions encoded in the hidden comments embedded in the webpage code. This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data they came for."
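A defender-side check for the channel described above, as an added example that is not from the article or from McAfee: it pulls the HTML comments out of a fetched page (for instance a response body captured at a web proxy) and flags those holding a long, high-entropy token. The thresholds, function names and sample page are assumptions for illustration; the article does not describe the actual encoding.

```python
import math
import re
from html.parser import HTMLParser

# Assumed heuristic thresholds (not from the article); tune on your own traffic.
MIN_TOKEN_LEN = 24   # shortest unbroken token worth scoring
MIN_ENTROPY = 4.0    # bits per character; repeated filler scores far lower
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=_-]{%d,}" % MIN_TOKEN_LEN)


def shannon_entropy(text):
    """Bits per character of the string's character distribution."""
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


class CommentCollector(HTMLParser):
    """Collects the body of every <!-- ... --> comment in a page."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def suspicious_comments(html):
    """Return the comments that hold a long, high-entropy token."""
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    return [c for c in collector.comments
            if any(shannon_entropy(t) >= MIN_ENTROPY
                   for t in ENCODED_RUN.findall(c))]


# Constructed sample page: one ordinary comment, one carrying an opaque blob.
SAMPLE_PAGE = """<html><body>
<!-- navigation starts here, keep in sync with footer -->
<p>Welcome to our site.</p>
<!-- Zm9yIGlsbHVzdHJhdGlvbiBvbmx5OiBjb25zdHJ1Y3RlZCBzYW1wbGUgYmxvYg== -->
</body></html>"""

if __name__ == "__main__":
    for comment in suspicious_comments(SAMPLE_PAGE):
        print("review:", comment)
```

A hit is a lead for review rather than a verdict: build tooling and analytics snippets also leave opaque tokens in comments, so the result is most useful when correlated with which internal hosts fetch the same page repeatedly.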

A recent study of spear-phishing--an e-mail based attack that tries to trick you into clicking on what appears to be a safe Web link but actually tries to steal data or delivers malware--found that "23% of people worldwide are vulnerable to targeted/spear phishing attack" and that "on an average 60% of corporate employees that were found susceptible to targeted spear phishing responded to the phishing emails within three hours of receiving them." With odds like that, it's easy to see why corporate and government spear-phishing could work so well.

McAfee's study shows that numerous U.S. government agencies were successfully attacked. In addition, Canada, South Korea, Vietnam, the United Nations, and India were hacked. Numerous electronics and defense companies have also fallen victim.

ShadyRAT's targets by category

What's the point of these attacks? Alperovitch isn't sure but he believes, "If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world, not to mention the national security impact of the loss of sensitive intelligence or defense information."

The first shots appear to have been fired in the first major cyber-war. The next question is: "Who's behind them?" Alperovitch isn't saying, but some observers suggest that China is behind what might be called a technology Pearl Harbor.


Talkback

150 comments
  • RE: Has the United States already suffered its cyberwar Pearl Harbor?

    Short answer: no. It has the potential to get worse. A lot worse.
    David Gewirtz
    • RE: Has the United States already suffered its cyberwar Pearl Harbor?

      @David Gewirtz The US needs an interconnected smart grid and I need a bag of popcorn.
      Tommy S.
      • RE: Has the United States already suffered its cyberwar Pearl Harbor?

        @Tommy S.
        Better not get microwave popcorn.
        rp518
    • RE: Has the United States already suffered its cyberwar Pearl Harbor?

      @David Gewirtz
      China is the world leader when it comes to cyberwar. They are the ones attacking the USA Government Offices and USA Companies, yet our politicians continue to treat China favorably.

      The Chinese Government continually ignores and violates free trade agreements, they require USA Companies to partner with Chinese companies and share our trade secrets. They pin their currency to the US Dollar so that Chinese goods remain cheap so Americans will continue to buy Chinese made goods at Walmart. And what do they do with all that money they make from us? They turn around and loan it back to our Government who has no fiscal discipline.

      On top of all that, the Chinese block us in the UN whenever we try to pass sanctions against countries (like Iran or North Vietnam) because they do business with them.

      Americans are so effing stupid!
      Masari.Jones
      • RE: Has the United States already suffered its cyberwar Pearl Harbor?

        @Masari.Jones - It's pretty obvious that it's China. Just take a look at the *.jpg above showing where the attacks have occurred. It's so blatantly obvious, yet, you are right, the US is too distracted by political nonsense at home for the people in Congress or in the White House to actually do their jobs.
        jdevola
      • RE: Has the United States already suffered its cyberwar Pearl Harbor?

        @Masari.Jones The Gov. won't say a thing to China. Since we owe them so much money. It would be like telling your mortgage lender he's an a.....hole
        guruward
      • Simple solution

        @Masari.Jones nobody said that Americans, or any other nation, HAS to buy Chinese goods which were often produced in flagrant contempt of workers' rights and the ecology. Yeah it'll cost more initially but soon you'll see jobs and value returning to the US.
        Shadeburst
      • RE: Has the United States already suffered its cyberwar Pearl Harbor?

        @Masari.Jones Yes the US needs a new enemy the old ones are getting so tired. A country that can out compete the US even in its nefarious deeds is the perfect candidate.
        carlson1@...
      • China

        @Masari.Jones for once I agree with Obama
        1) The US should consider this an act of war.
        2) We should deduct the factors of stolen intellectual property and currency manipulation from the 14 trillion we owe them
        stevek@...
      • RE: Has the United States already suffered its cyberwar Pearl Harbor?

        @Masari.Jones
        Not only is the US owned by China. It's now pwned by China.
        ;)
        I am Gorby
    • RE: Has the United States already suffered its cyberwar Pearl Harbor?

      @David Gewirtz Spreading fear did wonders for G. Bush and I'm sure it helps your consultant business as well David.
      Bodazapha
      • RE: Has the United States already suffered its cyberwar Pearl Harbor?

        @Bodazapha Obama certainly seems to think so. It has only escalated under this President.
        YetAnotherBob
      • partisan b**lsh*t

        @Bodazapha given the high price this country has paid in the past for ignoring the obvious... a little fear would serve us well - rather than ignoring the threats of totalitarian butchers.
        stevek@...
    • Or maybe...

      @David Gewirtz : just like that 9/11 and Pearl Harbor, which some people believe (me included), were carried out by insiders rather than outsiders to "justify" a "preemptive" response. (Think Hitler and the Bundestag fire)

      Thus these threats might have been self inflicting, or the targets were actually honey pots setup to attract known offenders and once the bait was eaten, the offended would have an excuse to "counter-attack".

      Not far fetched, if you have read about the Iraq war and saw the Fahrenheit 911 movie.

      BTW. These are my two cents, and not implying that I have proof that either 9/11, nor Pearl Harbor fall in this case.
      cosuna
      • RE: Has the United States already suffered its cyberwar Pearl Harbor?

        @cosuna petty point, but it was the Reichstag fire - not Bundestag. The burning of the Reichstag building ultimately led to the Bundestag (the lower house of parliament) effectively handing power to Hitler.

        I do get your point though... ;)
        korvan
      • RE: Has the United States already suffered its cyberwar Pearl Harbor?

        @cosuna At the time, it was called the Reichstag. The federal structure of Germany is a post-war US inspired thing. Maybe you should upgrade your facts ...
        aigler
      • RE: Has the United States already suffered its cyberwar Pearl Harbor?

        @cosuna Wow...
        ItsTheBottomLine
    • RE: Has the United States already suffered its cyberwar Pearl Harbor?

      @David Gewirtz - I just want someone to explain what the really sensitive stuff is doing connected to anything but a private and secure network. Sure, sensitive stuff might get e mailed, or exposed in small part some other way, but why do the real goodies reside on a network attached in any way (firewalls, and all that secure networking mumbo jumbo notwithstanding) to the internet? It makes sense for usability, but the risk is just too great.
      current user
    • RE: Has the United States already suffered its cyberwar Pearl Harbor?

      @David Gewirtz. I agree we have been attacked and we should blitz everything operational in China. What drives me crazy is that this is nothing new. They were stealing secrets well before cyber. All one has to do is look at their aircraft program where they copied down to patches to aircraft that had been hit in combat and repaired.
      Also we never remember our history. For example I commanded the first cyber team in the US military in 1979. We didn't call it cyber but rather the Red team and we actually attacked every computer, satellite, ground, and air traffic control system in use within SAC. No one reads these reports as they don't know about them or they will not understand how relevant to today's events.
      pacomj60@...
  • McAfee, R U kidding?

    I have used McAfee ASAP for years. And McAfee Enterprise products as well. I just wish they'd find the things that other products have found. MalWare by the boatload.
    I guess they are too busy looking after our national interests.

    Even so, no one wants to give up anything in order to be more secure - it is a shame. Shame on us all.
    jhevener@...