McAfee Operation Shady RAT: Is China the World's Cyberscapegoat?
Following McAfee's discovery that as many as 72 governments and companies' networks have been compromised in what is believed to be a state-sponsored hacking campaign, the world's eyes have once again fallen on China, leading to the question; has China become the world's cyberscapegoat?
Operation Shady RAT
Security company McAfee uncovered the alleged network intrusions after researchers stumbled upon logs of the attacks while reviewing a command and control server found during its 2009 investigation into defense company data breaches.
In its subsequent report McAfee highlighted its belief that the intrusions were part of an ongoing campaign going back at least five-years, perpetrated by a "state actor." The campaign has since been called "Operation Shady RAT."
The laundry list of victims included the United States, Taiwanese, Indian, South Korean, Vietnamese and Canadian governments. The report also highlighted the United Nations (UN), the International Olympic Committee (IOC), the World Anti-Doping Agency and numerous tech companies -- some with high-profile military contracts -- as other targets.
The UN was reportedly hit back in 2008. The attack hit its Secretariat in Geneva and the hackers reportedly remained active, trawling through the network unnoticed for nearly two years before being removed. The UN has since clarified that it is aware of McAfee's report and is in the midst of investigating whether an intrusion did indeed occur.
All Eyes on China
Though McAfee's report didn't mention it by name, as reported by Reuters, several security firms and governments have glanced China's way when asked who is responsible for Operation Shady RAT.
Speaking to Reuters, Jim Lewis, a cyber expert with the Center for Strategic and International Studies, said, "Everything points to China. It could be the Russians, but there is more that points to China than Russia."
A Checkered Past
China has always garnered the world's suspicion when it comes to questions regarding state sponsored hacking.
Just this year China was widely suspected of having played a part in an attack on Google's Gmail service.
The original attack, while speculated to have happened at the start of this year, was only confirmed by Google in June.
The cyberattack reportedly made use of malware and phishing techniques. Google described the attack as a deliberate attempt to gain access to the Gmail accounts of several U.S. Government officials, journalists and public opponents of the Chinese Government.
Google went on to confirm that it had traced the attack to the Shandong Province in central China. Specifically Google has stated that the hack originated from the province's capital Jinan.
The attack on Google's Gmail was not the first time the Shandong Province attracted negative attention.
Shandong is the same province the company traced as the origin point of a previous cyber attack on its computer systems back in 2009. It is also the location of the 2010 cyber attack that targeted Google's source code.
Further to this, the Jinan city is home to one of the People's Liberation Army's six technical reconnaissance bureaus and a technical college that is commonly suspected of playing a role in 2009's attack on Google.
Numerous defence analysts have since gone so far as to suggest that the city's technical colleges may in fact be a government funded hacker training camps -- an allegation China vehemently denies.
China Claim Innocence
Though China have what at best can be described as a guarded approach to western media, the country has always denied any allegations of state sponsored hacking.
Most recently following the attack on Google Chinese spokesman Hong Lei commented:
"Blaming these misdeeds [the cyber attack on Google] on China is unacceptable.
"Hacking is an international problem and China is also a victim. The claims of so-called support for hacking are completely unfounded and have ulterior motives."
© Copyright IBTimes 2024. All rights reserved.