Operation Shady RAT smells like Chinese hacking

By Richi Jennings (@richi ) - August 3, 2011.

[Updated with a more balanced view of China]

McAfee is again shouting worrying warnings about state-sponsored hackery and crackery. This time, it's something the Intel (NASDAQ:INTC) division has weirdly dubbed Operation Shady RAT. We're told that 72 organizations have been infiltrated and had their secrets stolen. In IT Blogwatch, bloggers wonder if they're being fed Chinese takeout or garbage.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Mark Johnstone's Data Cake analogy...

John Ribeiro reports:

McAfee said the attackers are likely a single group acting on behalf of a government. ... McAfee did not say what country might have been working with the hackers, in contrast to...Google, which as recently as last month blamed China. ...[T]he security vendor gained access to a command-and-control server that collected data from the hacked computers.


The data stolen consists of...classified information on government networks, source code, e-mail archives,...oil and gas field auctions, legal contracts, SCADA...configurations, design schematics and more. ... The hacking group gained access to computers by first sending targeted e-mails to individuals. ... The e-mails contained an exploit.

Michael Joseph Gross breathlessly claims an exclusive:

Operation Shady RAT ranks with Operation Aurora...as among the most significant and potentially damaging acts of cyber-espionage yet made public. ... The list of victims...ranges from national governments to global corporations. ... [It] demonstrates with unprecedented clarity the universal scope of cyber-espionage and the vulnerability of organizations.


...[I]n early 2009...a U.S. defense contractor, identified suspicious programs running on its network. Forensic investigation revealed...a spear-phishing e-mail containing a link to a Web page that...loaded a malicious program—a remote-access tool, or RAT—onto the victim’s computer.


Some victims seem determined to deny they’ve been attacked, even when offered empirical proof.

McAfee's Dmitri Alperovitch doesn't mince his words, either:

I am convinced that every company in every conceivable industry with...valuable intellectual property and trade secrets has been compromised (or will be shortly). ...[T]he adversary is tenaciously persistent in achieving their objectives...motivated by a massive hunger for secrets and intellectual property.


[It's] nothing short of a historically unprecedented transfer of wealth. ...[It] represents a massive economic threat not just to individual companies and industries but to entire countries.


...[This is] one specific operation conducted by a single actor/group. We know of many other successful targeted intrusions...that we are called in to investigate almost weekly. ... This is a problem of massive scale.

Edward Berridge has no qualms about pointing the finger:

McAfee believes that there was one "state actor" behind the attacks. It...appears to be talking about China. ... Hackers broke into the computer system of the UN Secretariat...and hid there unnoticed for nearly two years. Shedloads of secret data were sent to China before the attack was noticed.


The longest attack was on the Olympic Committee of an unidentified Asian nation which lasted for 28 months.

And Paul Hales is even less equivocal:

While McAfee won't confirm that it blames China for the operation, it does.

But Sophos's Graham Cluley isn't so sure:

...[T]here's nothing particularly surprising in McAfee's report. ...[W]e already all know that companies get targeted by hackers...[and] that there are motivations for hacking which extend beyond purely financial.


Furthermore, the report quite rightly...refuses to name who it believes is responsible. ... Nevertheless, the media have leapt to the conclusion...that it simply must be China. ... Despite the lack of any evidence. ... I'm sure China does use the internet to spy. ... But I'm equally sure that just about every country around the world is using the internet to spy.


And Finally...

Mark Johnstone's Data Cake analogy

[Image: Mark Johnstone's Data Cake analogy, full size at epicgraphic.com; hat tip: GraphJam]


Richi Jennings, your humble blogwatcher

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch -- for which he has won American Society of Business Publication Editors and Jesse H. Neal awards on behalf of Computerworld. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: itbw@richij.com. You can also read Richi's full profile and disclosure of his industry affiliations.

Copyright © 2011 IDG Communications, Inc.
