McAfee Uncovers “Biggest Ever” Series of Cyberattacks

Security company McAfee is reporting that it has uncovered the biggest series of cyberattacks to date. McAfee’s experts believe that a “state actor” was behind the attacks that infiltrated 72 organizations, including the United Nations and international governments, differing from the latest rash of “lulzy” attacks we’ve covered here.

One security expert said that evidence in the case points toward China as the origin for the attacks, but there doesn’t appear to be anything concrete in the public’s hands as of yet.

McAfee says that the series of hacker attacks took place over five years and targeted “governments of Canada, the United States, Taiwan, India, South Korea and Vietnam; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.”

“Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” McAfee’s vice president of threat research, Dmitri Alperovitch, wrote.

One particular case of audacity involved the United Nations. Hackers broke into the computer system of the UN Secretariat in Geneva back in 2008 and essentially “hid” there for two years, silently working through scores of secret information.

McAfee says that there’s no indication as to what’s at the root of the attacks. “What is happening to all this data … is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat,” wrote Alperovitch.

McAfee says that they uncovered the extent of the attacks in March when they were reviewing a “command and control” server discovered in 2009 as part of an investigation into breaches at defence companies. The security researchers say that the attacks date back to 2006, but there may have been other intrusions from before that have yet to be detected. In other words, the real extent of the attacks has yet to be determined.

McAfee has made no official comment as to responsibility and there is a fear to linking these attacks to a government or world power, especially with the economy being what it is. Regardless of the specifics of responsibility, these attacks must be taken seriously. Cyberattacks represent the elements of warfare now, like it or not, and entire economies can be destroyed with the simple click of a button. Scary times, indeed.

“I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact,” Alperovitch wrote in the report. “In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.”