The biggest hack ever discovered has been exposed by McAfee, and the breadth and depth would be impressive it wasn’t so disconcerting: five years, at least 72 different governments, NGOs, and other organizations (including the United Nations and the International Olympic Committee) and reams and reams of secret data. Of course, McAfee believes there is a single “state actor” behind the attacks, but the company has declined to name it.
Care to venture a guess?
The hacks are tied together into a single ongoing event by the fact that they were discovered via the log contents of a central “command and control” server being examined by McAfee investigators beginning in 2009. McAfee investigators dubbed the attack “Operation Shady RAT,” with RAT short for “remote access tool,” the common umbrella term for the software hackers and security types use to access networks from afar.
So who was attacked? Reuters’ highlight reel:
The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.
And China, right? Surely if someone was going to hack big targets in the U.S. and Europe, the IOC, the UN, and every major economic player in Asia/Indochina, that person surely wouldn’t overlook China, the biggest player of them all, right? No? That’s interesting.
I’m not the only one who thinks so. Cyber experts not affiliated with McAfee say everything points to the Chinese–the keen interest in Taiwan, the hacking of the IOC prior to the 2008 Beijing Olympics, the defense contractors and high-tech companies whose trade secrets could be exploited. All of this information might be interesting to anyone. But it would be especially interesting to China.
China has not issued an official comment on the hack-a-thon. But if they had, we can assume it would be something along the lines of: “Who, me?”