Hackers infiltrate computer networks of thousands of companies
The hackers, who belong to a government-sanctioned group from either Eastern Europe or East Asia, not only broke in but remained embedded in the computer systems, quietly siphoning secret data for years, security analysts say.
By David Sarno, Salvador Rodriguez and Ken Dilanian, Los Angeles Times
The perpetrators probably belong to a government-sanctioned group from either Eastern Europe or East Asia, according to security analysts. The hackers not only broke in but remained embedded in the computer systems, quietly siphoning secret data for years.
"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," Dmitri Alperovitch, vice president of threat research at Internet security firm McAfee Inc., wrote in a 14-page report released Wednesday. The theft of so much valuable information "represents a massive economic threat," he said.
The attacks are part of what analysts see as a rapidly expanding international cyber threat that few companies or governments can adequately defend against, and which costs U.S. industries and taxpayers tens of billions of dollars every year in lost information, labor and legal fees. One research institute estimated that so far in 2011, companies have spent $96 billion on security breaches.
McAfee, which discovered the operation, did not identify the perpetrators, but many analysts said China had frequently been associated with such cyber attacks, including one in 2009 that hit Google Inc. and helped persuade the company to shut down its search engine operation in that nation. In this instance, signs that a "state actor" was behind the breaches included the hacking of various nations' Olympic committees in the run-up to the 2008 Olympics.
"There is likely no commercial benefit to be earned from such hacks," McAfee said.
The Internet security firm was able to identify at least 72 companies, organizations and governments that came under attack, including a county government in Southern California, six U.S. federal agencies, more than a dozen defense contractors, as well as multinational corporations and the United Nations. McAfee believes thousands of other networks that it could not identify were hit by the same group based on digital signatures found on compromised servers used to launch the attacks. The company released the names of only a small number of the targets.
In the case of the United Nations, the intruder was able to camp out in the computer system and had access to files kept by the secretariat in Geneva for nearly two years.
"What is happening to all this data … is still largely an open question," Alperovitch said. "However, if even a fraction of it is used to build better-competing products or beat a competitor at a key negotiation [because of having stolen the other team's playbook], the loss represents a massive economic threat."