‘State actor’ linked to major cyber intrusions in India, world

McAfee report says 72 organisations in 14 countries hacked into for years

August 04, 2011 01:37 am | Updated November 22, 2021 06:55 pm IST - BANGALORE:

An unidentified Indian government agency was among those hacked into, over a period of two months starting September 2010, reveals a global investigation by IT security firm McAfee of targeted intrusions, or cyber attacks, on governments, corporations and non-profits.

The investigation, dubbed ‘Operation Shady RAT’ (RAT being a commonly used acronym for remote access tools, which allow you to access computers from a remote location), tracks a series of cyber attacks on 72 organisations across 14 geographic locations, over a period of five years.

Details of the investigation were revealed on Wednesday in a 14-page report, uploaded on the McAfee website.

Apart from the Indian website, government portals in the United States (14 attacks on Federal and State portals over five years), Canada (two attacks), South Korea, Vietnam and Taiwan were found hacked. A substantial chunk of these attacks also targeted industries and corporations with the possible motive of IP theft. Prominent Web portals of the International Olympic Committee, the United Nations, U.S. defence contractors, and ironically, security firms, also figured on the list. Interestingly, one unnamed major news organisation too was compromised at its New York headquarters and Hong Kong bureau for more than 21 months, the report found.

Tracing the intrusions over five years starting 2006, the report observes that attacks climbed from a measly eight intrusions in 2006 to a whopping 38 in 2009.

This number has fallen since to 17 in 2010 and 9 in 2011, the report finds.

Ever since the report went viral on the Web on Wednesday, speculation has been rife about the source of the attack.

The report itself does not mention the perpetrator, though it observes that the fact that the Asian and Western national Olympic Committees, IOC and the World Anti-Doping Agency have been hacked into points to a non-commercial motive for these attacks. The report alludes to possible involvement of “a state actor.”

Simple modus operandi

The attacks were simple in procedure, executed by sending a spear-phishing email containing an “exploit” which, when opened, automatically downloads malware on to the computer's hard disk.

This malware — a set of instructions on your computer — will set up a new communication channel to the ‘command and control’ Web server.

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators,” writes Dmitri Alperovitch, author of this report and vice-president of Threat Research at McAfee.
