Computerworld - Two security companies are questioning claims that a cyber-espionage campaign uncovered by a rival firm was sophisticated or even extraordinary.
On Tuesday, antivirus vendor McAfee described a five-year hacker operation that infiltrated more than 70 U.S. and foreign government agencies, defense contractors and international organizations to plant malware that in some cases hid on networks for years.
In its report, McAfee said it was "surprised by the enormous diversity of the victim organizations" and "taken aback by the audacity of the perpetrators."
News stories about the report seized on the word "unprecedented" in the McAfee report to characterize the scale of the intrusions.
"What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth," said McAfee, referring to the now nearly-constant attacks on Western companies and organizations by campaigns like Shady RAT.
Moscow-based Kaspersky Lab on Thursday begged to differ, saying that McAfee has simply not provided enough information to justify the claims being bandied about.
"The report contains nothing on what particular data has been stolen or how many computers in each organization were hit by the attacks," said Alex Gostev, Kaspersky's chief security expert, in an emailed statement. "Until the information in the McAfee report is backed up by evidence, to talk about the biggest cyberattack in history is premature."
Although McAfee's report on what it dubbed "Operation Shady RAT" (download PDF) was filled with details -- it noted how long the malware had remained hidden on each of the 72 victims and provided a timeline on the various compromises -- it did not, in fact, explicitly claim that data had been stolen.
Other security researchers have chimed in as well to rebut claims that the Shady RAT attacks were sophisticated or even out of the ordinary.
"Is the attack described in Operation Shady RAT a truly advanced persistent threat?" asked Symantec researcher Hon Lau in a Thursday blog post. "I would contend that it isn't."
Advanced persistent threat, or APT, is the term that's been widely used to describe attacks, targeting specific companies or organizations, that try to burrow into a computer network and pillage information.
The word "advanced" is a misnomer, said Lau in a write-up of Symantec's own analysis of Shady RAT, which filled in many of the details omitted by McAfee, including the type of malware involved, the techniques hackers used to plant their attack code on PCs and the exploits they used.
Lau popped the "advanced" balloon by citing the sloppiness of the attackers, who left their own command-and-control (C&C) servers open to probing, and their use of "relatively non-sophisticated malware and techniques."
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
