December 22, 2024

Security Firm Sees Global Cyberspying

However, as with a number of other alarming recent reports on computer spying, the study offered few details that would allow independent verification, and it was difficult to immediately assess the damage done. It did not identify the location of the attacking computer system, say what kinds of documents or information were stolen, or offer any direct evidence of a state’s involvement.

The company, McAfee, said it had identified 72 targets — 49 of them American, including 14 federal, state and county agencies and 11 defense contractors — and also informed law enforcement agencies, which it said were investigating.

The White House referred questions to the Department of Homeland Security. At a news conference on other matters, that department’s secretary, Janet Napolitano, said: “We became aware of the McAfee report, I think, today, which is when it was released to the press, as well. We obviously will evaluate it, look at it and pursue what needs to be pursued in terms of its contents.”

One of the few named organizations, the World Anti-Doping Agency, cast doubt on the report’s assertion that the agency had been subject to a 14-month attack that began in August 2009. In a statement, the director general, David Howman, acknowledged that the agency had experienced an e-mail breach in February 2008, but that “at this stage, W.A.D.A. has no evidence from its security experts of the intrusions as listed by McAfee and the agency has yet to be convinced that they took place.”

McAfee, which was recently acquired by Intel, said it released the report to coincide with the start on Wednesday of the annual Black Hat technical security conference in Las Vegas. Briefings were scheduled to be delivered at the conference. Details of the study were first published on the Web site of Vanity Fair.

Asked why McAfee decided not to identify most of the corporations that were targets in the attacks, the company said that the corporations were worried about being identified and alarming shareholders or customers.

Cybersecurity is now a major international concern, with hackers gaining access to sensitive corporate and military secrets, including intellectual property. The report comes after high-profile computer network attacks aimed at the International Monetary Fund, Sony and the Lockheed Martin Corporation, America’s largest military contractor.

Concern over attacks being carried out by nation-states is rising sharply, particularly after Google said last year that Chinese hackers stole some of the company’s source code. Many security experts say the Chinese government has built up a sophisticated cyberwarfare unit and that the government might be partnering with professional hackers. But the list of entities, government or private, suspected of hacking campaigns, is a long one.

Jeff Moss, an Internet security expert who founded the Black Hat Conference, said it would be hard to narrow down the suspects in a broad campaign. “China is a pretty convenient punching bag,” he said.

The company’s 14-page report, written by Dmitri Alperovitch, McAfee’s vice president for threat research, traced the attacks to at least 2006 and said they peaked in 2009. It calls the attacks highly sophisticated and said targets included governments, companies, and organizations in Canada, Japan, South Korea, Taiwan, Switzerland and Britain.

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” the report said.

McAfee said it identified a single perpetrator in March, when it discovered detailed logs of attacks while reviewing the contents of a server it had discovered in 2009 as part of an investigation into security breaches at defense companies. Joris Evers, a spokesman for McAfee, said the server was in a Western country but that he could not be more specific.

McAfee called the attacks Operation Shady RAT — RAT stands for remote access tool, a type of software used to control networked computers.

The duration of the attacks ranged from a month to what McAfee said was a sustained 28-month attack against an Olympic committee of an unidentified Asian nation.

David Barboza reported from Shanghai, and Kevin Drew from Hong Kong. John Markoff contributed reporting from San Francisco and Somini Sengupta from Las Vegas.

Article source: http://www.nytimes.com/2011/08/04/technology/security-firm-identifies-global-cyber-spying.html?partner=rss&emc=rss