Poreg View: That the needle of suspicion for the biggest series of cyber-attacks to date, involving the infiltration of the networks of 72 organisations around the globe points to a ‘single state’ does not come as a surprise. Because this is not the first time that China has lost its mask with Teflon coating.
Internet Security expert, McAfee has unmasked the hacking operation and tracked the huge international security breach to a single computer server. Its 14-page report was released to coincide with the Black Hat and Defcon conferences in Las Vegas at which the discussions centre on the growth threat of cyber intrusions.
McAfee researchers found a ‘command and control’ server in 2009 while investigating some attacks against defence contractors. When they returned to that computer in March of this year, the research team found logs that revealed all of the attacks.
The hacking ops has been in place for five years to steal industrial and national secrets on an unprecedented scale. The victims were United Nations, the International Olympic Committee (IOC), India, Taiwan, South Korea, Vietnam, Canada, US military systems and satellite communications, 12 US defence contractors, and one British defence contractor. UN secretariat in Geneva and some other networks were penetrated for two years by the malicious software.
Writes Dmitri Alperovitch, McAfee’s vice president of threat research: ‘This is the biggest transfer of wealth in terms of intellectual property in history… Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators. Companies and government agencies are getting raped and pillaged every day.’
Targets included the Association of Southeast Asian Nations (ASEAN); the World Anti-Doping Agency; and an array of high-tech enterprises engaged in construction, steel, energy, solar power, technology, satellite communications, insurance and accounting. US-based media and think tanks were not spared either.
According to McAfee, some these cyber-attacks lasted just a month, others stretched to as many as 28 months. The hackers used spear-phishing emails to accomplish their task. These emails are tainted with malicious software, to specific people at the targeted organisations. When the unsuspecting individual clicks on an infected link, it allows intruders to jump on to the machine, infiltrate and remain embedded in the computer network as long as felt necessary or ‘cleaned out’
McAfee report shows that cyber warriors are a reality and eternal vigil is the price the free world has to pay for safeguarding its Internet. Not conventions but up-to-date anti-virus systems are the order of the day. This problem can be addressed to some extent by checking the use of pirated computer software.
