McAfee blames an unnamed government for massive cyber espionage

Security technology vendor McAfee unveiled a report on what it called the biggest series of cyber espionage attacks discovered today. The attack involved the infiltration of 72 governments and corporations around the world, including the United Nations and the U.S. government.

McAfee blamed a “state actor,” which multiple stories, such as one by Reuters, interpret as meaning China, but did not specifically name the country that performed the spying.

The company made the revelation at the beginning of the Black Hat security technology conference in Las Vegas today.

The victims of the five-year campaign include 49 entities in the U.S. The list includes the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); and the World Anti-Doping Agency.

The hackers broke into the computer system of the UN’s secretariat in Geneva in 2008. They hid there for nearly two years and collected lots of secret data, according to McAfee.

“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth,” McAfee’s vice president of threat research Dmitri Alperovitch, said in a blog post today.

He said the losses include closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA (industrial computing machinery) configurations, design schematics and “much more has fallen off the truck of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.”

He added, “What is happening to all this data — by now reaching petabytes as a whole — is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world, not to mention the national security impact of the loss of sensitive intelligence or defense information.”

McAfee learned about the hacking campaign in March when its researchers found logs of the attacks while reviewing the “command and control” server that they had discovered in 2009 as part of an investigation into security breaches at defense companies. The company called the attacks “Operation Shady RAT,” where RAT stands for remote access tool, a kind of software used to review computer networks from a distance.

Alperovitch said that government law enforcers around the world are investigating the matter. McAfee is a division of Intel, which acquired the company earlier this year.