Security experts have uncovered what could amount to the biggest cyber attack ever launched in history.
The five-year stealth attack hit 72 organisations around the world - including the US Government, the UN, the International Olympic Committee (IOC), the World Anti-Doping Agency and a slew of tech and defence companies, according to security firm McAfee.
It's the latest in a series of international attacks that have seen China blamed for systematic data gathering and espionage.
As an example of the potential damage caused and methods used, McAfee said the UN was hacked when its systems were broken into at its secretariat in Geneva. The infiltrators hid their presence until discovered by McAfee, giving the perpetrators years to comb through secret data.
"Even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators," McAfee's vice president of threat research, Dmitri Alperovitch, wrote in a 14-page report seen by Reuters.
"What is happening to all this data... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat," he said.
McAfee chose not to disclose who it thought was behind the attacks, although it suggested state-run hacking was likely.
According to the company, it stumbled across the campaign when it came across logs of the attack while reviewing a control and command server captured as part of a probe into an earlier defence company hack.
The earliest attacks dated back to 2006, McAfee said, adding that the level of espionage was unprecedented.
"Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors," Alperovitch said.
"This is the biggest transfer of wealth in terms of intellectual property in history," he said. "The scale at which this is occurring is really, really frightening."
State backing?
Although McAfee decline to name the companies attacked, it said all victims had been notified, and wouldn't be drawn on naming the origin of the hack.
However, a security expert at the Center for Strategic and International Studies (CSIS) close to the situation hinted that China was the most likely culprit for the attacks due to the timing and targets, with the IOC's systems targeted in the run-up to the 2008 Beijing Olympics.
"Everything points to China. It could be the Russians, but there is more that points to China than Russia," CSIS's Jim Lewis told Reuters.
This article originally appeared at pcpro.co.uk
Copyright © PC Pro, Dennis Publishing
Issue: 315 | May 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.
