In what security experts believe may be the largest coordinated attack ever launched, hackers have for at least five years infiltrated the computer networks of thousands of companies, organizations and governments, stealing reams of intellectual property, military information and state secrets.
The perpetrators probably belong to a government-sanctioned group from either Eastern Europe or East Asia, according to security analysts. The hackers not only broke in but remained embedded in the computer systems, quietly siphoning secret data for years.
“Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” Dmitri Alperovitch, vice president of threat research at Internet security firm McAfee Inc., wrote in a 14-page report released Wednesday. The theft of so much valuable information “represents a massive economic threat,” he said.
The attacks are part of what analysts see as a rapidly expanding international cyber threat that few companies or governments can adequately defend against.
McAfee, which discovered the operation, did not identify the perpetrators, but many analysts said China had frequently been associated with such cyber attacks, including one in 2009 that hit Google Inc. and helped persuade the company to shut down its search engine operation in that nation. In this instance, signs that a “state actor” was behind the breaches included the hacking of various nations’ Olympic committees in the run-up to the 2008 Olympics.
“There is likely no commercial benefit to be earned from such hacks,” McAfee said.
The Internet security firm was able to identify at least 72 companies, organizations and governments that came under attack, including a county government in Southern California, six U.S. federal agencies, more than a dozen defense contractors, multinational corporations and the United Nations. Based on digital signatures found on compromised servers used to launch the attacks, McAfee believes the same group hit thousands of other networks that it could not identify. The company released the names of only a small number of the targets.
In the case of the United Nations, the intruder was able to camp out in the computer system and had access to files kept by the secretariat in Geneva for nearly two years.
“What is happening to all this data … is still largely an open question,” Alperovitch said. “However, if even a fraction of it is used to build better-competing products or beat a competitor at a key negotiation (because of having stolen the other team’s playbook) the loss represents a massive economic threat.”
Attackers seemed to pay special attention to government agencies and manufacturing and technology firms in Asian countries, which some analysts saw as further evidence suggesting that China was the culprit.
“One of the things that points to China is the extent of the attention to Taiwan, South Korea and Japan,” said Scott Borg, executive director of the U.S. Cyber Consequences Unit, a Washington think tank that examines cyber events and collects confidential information from attack victims. “For language and other reasons, the Russians are much more inclined to go after Western Europe and the U.S.”
China has vehemently denied that it sanctions hack attacks.