More than 70 organisations, including the United Nations, the International Olympic Committee (IOC) and defence contractors for both the UK and US were said to have been victims of the attack which was the work of a single “state actor”.
McAfee, the internet security group, stopped short of naming China as responsible, but independent security experts said the choice of targets, such as the Olympic Committee before the 2008 Olympic Games, suggested Beijing was the most likely culprit.
“Everything points to China,” said James Lewis, a cyber security expert at the Center for Strategic and International Studies who was briefed on the report, “You can think of at least three other large programs attributed to China that look very similar. It’s a pattern of activity that we’ve seen before.”
The victims of the attacks were all tracked to a single computer server, McAfee said in its 14-page report which added that some networks, including that of the UN secretariat in Geneva, has been penetrated for two years by the malicious software.
This event is being called the biggest series of cyber attack in history, taking place over the span of five years. From Reuters:
Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.
Security company McAfee, which uncovered the intrusions, said it believed there was one “state actor” behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.
The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.
“Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” McAfee’s vice president of threat research, Dmitri Alperovitch, wrote in a 14-page report released on Wednesday.
“What is happening to all this data … is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat.”