NEW YORK — A computer security firm says cybercriminals have spent at least the past five years targeting more than 70 government entities, nonprofit groups and corporations around the world to steal troves of data.
McAfee Inc. said in a report today that the attacks have targeted a broad range of organizations, including the United Nations, the International Olympic Committee and companies mostly in the United States.
McAfee did not say who may be behind the attacks but says the culprit is likely a nation state.
The report is short on specifics, as the security firm is not naming most of the victims, nor is it stating exactly what data were stolen. Most of the victims are in the U.S. Other victims were in Canada, South Korea, Taiwan, Japan and nine other countries.
The report comes amid a surge in high-profile hacking cases in recent months. Citigroup, Sony Corp., Lockheed Martin, PBS and others have been targeted by hackers this year.
McAfee says the majority of those revelations have been the result of “relatively unsophisticated and opportunistic exploitations for the sake of notoriety by loosely organized political hacktivist groups such as Anonymous and Lulzsec.”
But the threats McAfee’s report focuses on are “much more insidious and occur largely without public disclosures,” wrote Dmitri Alperovitch, vice president of threat research at McAfee and the report’s author.
The key to these intrusions, he said, is that the perpetrator is motivated by “a massive hunger for secrets and intellectual property.”
U.N. spokesman Farhan Haq said McAfee had informed the United Nations that its networks may have been targeted in a broad cyberattack between September 2008 and December 2010. He said the U.N.’s technical staff in New York and Geneva are analyzing logs of network activity for those periods, looking for evidence of such an attack.
International Olympic Committee spokesman Mark Adams said thus far the attacks are “a claim being made by Mcafee” and that the security firm’s researchers “have yet to give us any evidence or detail.” “We are unaware of the alleged attempt to compromise our information security claimed by Mcafee,” Adams said. “If true, such allegations would of course be disturbing. However, the IOC is transparent in its operations and has no secrets that would compromise either our operations or our reputation.”
Although the Associated Press is not named in the McAfee report, the company’s research team has said that AP was a victim. Paul Colford, a spokesman for the Associated Press, said the AP does not comment on its network security.