13 contractors targeted in massive cyber espionage campaign

A series of attacks against corporations and government agencies over the last five years, which netted petabytes of sensitive information, can be traced to a single command and control server, according to the security company McAfee.

Among the targets were 13 U.S. defense contractors.

In a report released Aug. 2, Dmitri Alperovitch, McAfee’s vice president of Threat Research, said a diverse group of 72 organizations was compromised, 49 of them in the United States.

Although the report does not speculate on who is behind the attacks, which have been traced back to July 2006, several security experts said the evidence points to China.

James Lewis, a senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies, told the Washington Post that, “the most likely candidate is China.” He noted, for instance, that the activity McAfee found focused on Taiwan and the International Olympic Committee in advance of the 2008 Olympic Games in Beijing.

Other organizations targeted in the attacks include the United Nations and an Energy Department laboratory, according to the McAfee report, which does not identify most of the victims specifically but does provide general categories (U.S. Federal Government Agency, U.S. State Government, U.S. Defense Contractor, South Korean Steel Company, and so on). The list of intrusions ends in September 2010.

In the report, Alperovitch, who dubbed the attacks Operation Shady RAT (short for remote access tool), writes of the potential seriousness of the data theft to both national security and commercial interests.

“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth,” he writes, “closely guarded national secrets (including from classified government networks), source code, bug databases, e-mail archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, [Supervisory Control and Data Acquisition] configurations, design schematics and much more has ‘fallen off the truck’ of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.”

He notes that many of these attacks went unnoticed, or unreported, while less-sophisticated attacks such as those of the hacker groups Anonymous and LulzSec drew a lot of media attention.

And although most victims aren’t named, he writes that McAfee felt it important to name some of them, “to reinforce the fact that virtually everyone is falling prey to these intrusions, regardless of whether they are the United Nations, a multinational Fortune 100 company, a small nonprofit think tank, a national Olympic team, or even an unfortunate computer security firm.”

Most of the victims have remediated the infections, the report states.

McAfee gained access to the command and control server used in the attacks and collected logs dating back to 2006, although the report states that intrusions could have begun earlier.

The attacks began with a spear-phishing e-mail sent to someone with a high level of access, the report states. When opened on an unpatched system, the message delivers malware that opens a back-door communications channel to the command and control server. After that, the report adds, the intruders arrive, escalate their privileges, spread to other machines and start taking data.
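The back-door channel described above is the foothold everything else depends on, and it is also the step a defender can see from the network edge: an implant checking in with its command and control server produces outbound requests at nearly regular intervals, which ordinary browsing does not. The following is an added example, not code from the McAfee report or from any of the named organizations, that runs a simple beacon detector over a constructed sample of proxy log lines. The log format, the host names and addresses, and the 10-minute check-in interval are all assumptions made for the illustration.

```python
"""Periodic-beacon detector run over constructed proxy log lines."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not from the report). Fields: timestamp,
# source host, destination host, method, path, status. Host 10.1.1.5 polls
# 203.0.113.7 roughly every 10 minutes with slight jitter, the way an implant
# checking in with its command and control server would; host 10.1.1.9 is an
# ordinary user browsing at irregular times.
SAMPLE_LOG = """\
2011-08-01T09:00:00 10.1.1.5 203.0.113.7 GET /img/update.gif 200
2011-08-01T09:00:10 10.1.1.9 198.51.100.20 GET /news/index.html 200
2011-08-01T09:10:03 10.1.1.5 203.0.113.7 GET /img/update.gif 200
2011-08-01T09:12:41 10.1.1.9 198.51.100.20 GET /news/story.html 200
2011-08-01T09:14:02 10.1.1.9 198.51.100.20 GET /news/index.html 200
2011-08-01T09:19:58 10.1.1.5 203.0.113.7 GET /img/update.gif 200
2011-08-01T09:25:03 10.1.1.9 198.51.100.21 GET /mail/ 302
2011-08-01T09:30:01 10.1.1.5 203.0.113.7 GET /img/update.gif 200
2011-08-01T09:40:05 10.1.1.5 203.0.113.7 GET /img/update.gif 200
2011-08-01T09:47:58 10.1.1.9 198.51.100.20 GET /news/sports.html 200
2011-08-01T09:49:57 10.1.1.5 203.0.113.7 GET /img/update.gif 200
"""


def parse_log(text):
    """Parse the constructed log lines into (timestamp, src, dst, path) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _method, path, _status = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, path))
    return records


def find_beacons(records, min_hits=4, max_cv=0.1):
    """Return {(src, dst): mean_interval_seconds} for source/destination pairs
    whose inter-request gaps are nearly constant.

    Regularity is measured as the coefficient of variation (population standard
    deviation divided by the mean) of the gaps between consecutive requests;
    a value at or below max_cv flags the pair as a likely beacon. min_hits
    keeps one-off or very sparse pairs from being scored at all.
    """
    times_by_pair = defaultdict(list)
    for ts, src, dst, _path in records:
        times_by_pair[(src, dst)].append(ts)

    beacons = {}
    for pair, times in times_by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        if pstdev(gaps) / avg <= max_cv:
            beacons[pair] = round(avg)
    return beacons


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: check-in about every {interval} seconds")
```

On the sample above only the 10.1.1.5 to 203.0.113.7 pair is reported, at an interval of about 599 seconds; the browsing host makes as many requests to its news site but with gaps that vary by an order of magnitude, so it is not flagged. In a real deployment the same logic belongs over a day or more of proxy or NetFlow data, with the threshold tuned against known-good periodic traffic such as update checks and mail polling, which will also score as beacons and need an allow-list.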

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” the report states.

Victims included six federal agencies, five state governments, three U.S. county governments and government-run sites in Canada, South Korea, Taiwan, Vietnam and India.

In addition to the 13 defense contractors, other victims in commercial operations included those in construction/heavy industry, electronics, steel, energy, IT, the news media, real estate and accounting. Several think tanks or nonprofits also were targeted.

The attacks hit organizations in 14 countries altogether, although the United States had by far the most with 49. The next highest totals were four in Canada and three each in South Korea and Taiwan.

Reader Comments

Tue, Aug 9, 2011

Are we all stupid in this country? Are the AMERICAN COMPANIES SO GREEDY that they would sell out their country to these folks? Why do we continue to move American jobs to this country? Why do we continue to move manufacturing to this country? Why do we continue to provide them with the economic means to own our country's enormous debt? Then I read that they are performing covert hacks to steal more from us. I think our economy would be better off without any relations with this underhanded and devious country.

Tue, Aug 9, 2011

If the report names some of the contractor victims, could we please have WT name them in this "news" article?

Fri, Aug 5, 2011 Roland USA

How "expert" are the commenters if they don't know the source?
