
China denies it was behind the Shady RAT attacks described by McAfee

05 August 2011

The Chinese government - via its People's Daily newspaper - has rejected suggestions, prompted by a McAfee report, that it was behind a multi-year intrusion campaign against US government servers and other Western computer systems.

On Wednesday of this week McAfee issued its 'Operation Shady RAT' (remote access trojan) report, which detailed, at length, what it describes as a series of multi-year, multi-system intrusions into 72 government, contractor, corporate and non-profit organisations in the US and elsewhere.

The report - entitled 'An investigation of targeted intrusions into 70+ global companies, governments and non-profit organisations during the last 5 years' - attributed the intrusions to a single 'state actor' without naming a country, a description that many commentators read as pointing at the Chinese government.

According to the Guardian newspaper, the piece in Friday's edition of the People's Daily - "the mouthpiece of China's ruling Communist party" - "did not quote any official reaction to the hacking allegations but is the closest to an official response from Beijing."

The Guardian reports that the People's Daily disputed the suggestion. "Linking China to internet hacking attacks is irresponsible," it said.

"The McAfee report claims that a 'state actor' engaged in hacking for a large-scale internet espionage operation, but its analysis clearly does not stand up to scrutiny", it added.

McAfee's report, meanwhile, said that the 72 organisations targeted were in the US, Canada, Taiwan, India, South Korea and Vietnam, among other countries, and included the United Nations and a range of US government contractors.

According to log management specialist LogRhythm, whoever was to blame for the attacks, they are an example of the type of targeted attack increasingly used to extract sensitive data.

Ross Brewer, the firm's vice president, said that cybercriminals know what they want and are now more than capable of accessing it - even if this means breaking the systems of the world's most security conscious organisations.

"The way this attack was spotted is a lesson to all organisations about how they should approach IT security in future. By collecting and analysing log data it was possible to locate where traffic flow was coming from. In addition, using log data in this way meant data loss, and the methods by which it was extracted, could be identified", he said.

"Unfortunately many firms are wasting this valuable resource. In order to spot vulnerabilities in real time it is essential that organisations have automated, centralised systems in place that collect and monitor 100% of log data on an ongoing basis", he added.

Brewer went on to say that only this approach can provide the traceability required to spot attacks when they occur and respond appropriately to minimise damage.
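Brewer's point is that centralised log data lets a defender find where traffic is going and how data is leaving. The script below is an added example, not code from the article, LogRhythm or McAfee, of what that hunt looks like over a proxy log. The log format (a simplified one-request-per-line proxy record), the sample lines, the host names and the thresholds are all assumptions constructed for the example; nothing here reproduces the actual Shady RAT indicators. It flags two of the patterns a remote access trojan leaves in outbound traffic: hosts that upload far more than they download, and hosts that call the same destination at clockwork intervals (beaconing).

```python
"""Exfiltration hunting over centralised proxy logs (added example).

Assumed log format, one request per line:
    <epoch> <src_ip> <method> <url> <status> <bytes_out> <bytes_in>
Thresholds below are illustrative starting points, not tuned values.
"""
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log. 10.1.4.23 POSTs ~1.2 MB to the same "image" URL
# every ~300 s (a RAT beaconing and exfiltrating); 10.1.4.10 is a normal
# workstation that browses and makes one legitimate large mail upload.
SAMPLE_LOG = """\
1312500000 10.1.4.10 GET http://www.example.com/ 200 412 48120
1312500017 10.1.4.10 GET http://www.example.com/news 200 398 61233
1312500120 10.1.4.23 POST http://img.example-cdn.test/i/logo.gif 200 1258291 512
1312500133 10.1.4.10 GET http://static.example.com/app.js 200 377 90012
1312500421 10.1.4.23 POST http://img.example-cdn.test/i/logo.gif 200 1310720 512
1312500600 10.1.4.10 POST http://mail.example.com/upload 200 3145728 1024
1312500719 10.1.4.23 POST http://img.example-cdn.test/i/logo.gif 200 1201547 512
1312501022 10.1.4.23 POST http://img.example-cdn.test/i/logo.gif 200 1289332 512
1312501320 10.1.4.23 POST http://img.example-cdn.test/i/logo.gif 200 1276510 512
1312501619 10.1.4.23 POST http://img.example-cdn.test/i/logo.gif 200 1245311 512
"""


def parse_log(text):
    """Turn raw log lines into dicts; blank and '#' lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, method, url, status, out, inn = line.split()
        records.append({"ts": int(ts), "src": src, "method": method,
                        "host": urlsplit(url).hostname, "status": int(status),
                        "out": int(out), "in": int(inn)})
    return records


def summarise(records):
    """Aggregate per (source IP, destination host): counts, bytes, timestamps."""
    flows = defaultdict(lambda: {"count": 0, "out": 0, "in": 0, "ts": []})
    for r in records:
        f = flows[(r["src"], r["host"])]
        f["count"] += 1
        f["out"] += r["out"]
        f["in"] += r["in"]
        f["ts"].append(r["ts"])
    return flows


def is_bulk_upload(flow, min_out=1 << 20, min_ratio=10.0):
    """Outbound volume over 1 MiB and at least 10x the inbound volume."""
    return flow["out"] >= min_out and flow["out"] >= min_ratio * max(flow["in"], 1)


def is_beaconing(flow, min_requests=4, max_cv=0.1):
    """Regular call-home: enough requests whose inter-arrival gaps barely vary.

    Coefficient of variation (stdev / mean) of the gaps near zero means the
    requests are on a timer rather than driven by a human.
    """
    if flow["count"] < min_requests:
        return False
    ts = sorted(flow["ts"])
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean <= 0:
        return False
    return statistics.pstdev(gaps) / mean <= max_cv


def hunt(text):
    """Return {(src, host): finding} for every flow that trips a rule."""
    findings = {}
    for key, flow in summarise(parse_log(text)).items():
        reasons = []
        if is_bulk_upload(flow):
            reasons.append("bulk_upload")
        if is_beaconing(flow):
            reasons.append("beaconing")
        if reasons:
            findings[key] = {"reasons": reasons, "requests": flow["count"],
                             "out_bytes": flow["out"]}
    return findings


def ranked(findings):
    """Most-suspicious first: more rules tripped, then more bytes out."""
    return sorted(findings.items(),
                  key=lambda kv: (-len(kv[1]["reasons"]), -kv[1]["out_bytes"]))


if __name__ == "__main__":
    for (src, host), info in ranked(hunt(SAMPLE_LOG)):
        print(f"{src:<12} -> {host:<24} {info['out_bytes']:>9} B out "
              f"{info['requests']:>2} req  {','.join(info['reasons'])}")
```

The legitimate mail upload trips only the volume rule, while the infected host trips both, which is why the ranking puts it first: a single rule over centralised logs produces triage noise, and combining independent signals (volume, regularity, destination reputation, time of day) is what turns "100% of log data" into something an analyst can act on. On a real estate the same aggregation would run over the proxy, firewall and DNS logs together, keyed on the same source host.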

Over at key and certificate management specialist Venafi, meanwhile, Jeff Hudson, the firm's CEO, agreed with Brewer's analysis, noting that such attacks often succeed because organisations struggle to deploy and manage security systems properly across their infrastructure.

"Let's be honest and see things as they are truly. This latest reported series of on-going breaches makes an irrefutable case. The bad guys are inside. Period, end of story. Anyone arguing with that is in denial", he said.

"The malware and the intruders are operating inside organisations today undetected. The best firewalls and intrusion detection obviously aren't enough. If people want to protect the data, which is what the bad guys are after, it has to be encrypted and the keys must be well managed", he added.

Hudson went on to say that it is interesting that recent media reports point an accusing finger at state-sponsored terrorists and governments.

Regardless of which country or agency has been launching these attacks, he explained, the bottom line is that the attacks succeeded: government secrets were taken.

And, he added, as some of the attacks on US government and United Nations servers date back five years, it is clear that public sector agencies need to significantly rethink their security practices.

The best approach to defending against these types of attacks, says Hudson, is to encrypt all data flowing between the agencies' IT resources, as well as all stored data.

IT managers, he adds, also need to enforce authentication, access control over the encryption keys, and audit logging for all local and remote access to this data.

Comments

Damian_1 says:

07 August 2011
The headline is wrong to be honest... McAfee never claimed China was responsible in their report, they merely claimed that it seemed like a state-sponsored actor. There are a multitude of other countries in the world (e.g. Iran, North Korea, Russia) who have enough technical nous along with the motivation to pull off such an attack. And let's be honest, the technology used here isn't state-of-the-art malware, it's using known exploits, and owning machines via run-of-the-mill spear phishing attacks. Some further reading here for those interested:
http://www.internetsecuritydb.com/2011/08/mcafee-operation-shady-rat-media-storm.html
