INSECURITY OUTFIT McAfee claims that the networks of 72 organisations including the United Nations, governments and companies around the world were hacked over many years.
McAfee claims it uncovered the network breaches, saying that it believed one "state actor" was involved but did not name the state. Reuters managed to find one security "expert" that pretty much automatically pointed the finger at China, but there's little publicly available information to come to such a conclusion, no matter how convenient that may be.
The real shock is not the number of organisations targeted but the timescale of these breaches, which McAfee says took place over a span of five years. Apart from the United Nations, McAfee says it identified networks in the US, Taiwan, India, South Korea, Vietnam and Canada all being hacked. The Association of Southeast Asian Nations, the International Olympic Committee and the World Anti-Doping Agency were also named among numerous other organisations and companies worldwide.
Dmitri Alperovitch, VP of threat research at McAfee said, "Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators."
Alperovitch continued, seemingly perplexed and worried, saying, "What is happening to all this data ... is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team's playbook), the loss represents a massive economic threat."
Apparently McAfee figured out the scale of these attacks, which it dubbed Operation Shady RAT [remote access tool], back in March.
When talking with Reuters, Alperovitch was less restrained, saying, "Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors." He added that all 72 organisations that were affected by the attacks have been informed and law enforcement agencies around the world are on the case.
Pointing the finger at China is the easy way out. After all, it does have some form for hacking but the deeper question is how anyone, regardless of what nation they were working for, managed to compromise the networks of well known organisations that handle highly sensitive and in some cases Top Secret classified information and for so long.
And while McAfee and other insecurity vendors might use these attacks as a catalyst to flog more software and services, perhaps some analysis of the security that was already deployed is required.
After all, it would be a tad embarrassing if one of those 72 organisations relied on McAfee to secure its networks only for McAfee to find out, after five years, that its own products were not up to the job. µ