How Did We Miss the World's Largest Cyber Attack?
Researchers detail an international hacking plot that's been running for five years
For the past five years, hackers have been infiltrating the networks of some of the world's largest and most influential organizations, and security consultants have only just noticed. Revealed by software security firm McAfee at the Black Hat security conference in Las Vegas this week, "Operation Shady RAT"--a code name referring to the remote access tool used to break into networks--was so broad in scale that it is somewhat shocking a government agency didn't spot the attack sooner. Hackers targeted the United Nations, the International Olympic Committee, and the World Anti-Doping Agency, as well as several governments and American corporations. In fact, out of the 72 organizations targeted, 49 are based in the United States. McAfee suspects that another government has been doing the hacking, and experts say the signs point to China.
So why didn't we spot this sooner? The quick answer is that we did, but it was kept a secret. With the Pentagon hurriedly expanding its operations online and declaring the internet a war zone, the government is not unaware of the dangers of cyber attacks. In fact, the NSA, the Defense Department and a number of other governmental bodies are attempting to recruit hackers at the Black Hat conference and its sister convention, DefCon. But the escalation of attention paid to cyber security has only really picked up in the past year, whereas the attacks started in 2006. There are some competing but overlapping theories on why we missed the series of attacks since then.
We've been distracted by the inconsequential breaches by Anonymous. McAfee's vice president of threat research, Dmitri Alperovitch, thinks that some cyber security resources have been misplaced amid the past year's string of attacks from the hacktivists affiliated with Anonymous and its spinoff group LulzSec. "It’s been really hard to watch the news of this Anonymous and LulzSec stuff, because most of what they do, defacing Web sites and running denial-of-service attacks, is not serious," Alperovitch told Vanity Fair, which broke the story about the attacks. "It’s really just nuisance."
China, if culpable, is damn good at hacking. Mike Lennon at SecurityWeek points to a 2010 report that claims China is engaging in "the single largest, most intensive foreign intelligence gathering effort since the Cold War." Lennon writes, "China is investing in the resources needed for 'building an informationalized force and winning an informationalized war,' including a 1,100 person cyber operation with a submarine cave entrance worthy of a James Bond film, all hidden beneath the white sands and villages of Hainan Island, a popular tourist destination." If indeed China is the source of the attack--and almost everyone thinks it was--it's possible that we were simply outgunned.
The U.S. government is incapable of defending itself from cyberattacks. We pointed out in June that the Pentagon seems pretty confused about how to fight a cyber war. Beyond the confusion over which agency should be watching out for attacks, we also have a hard time knowing where to look for them, as evidenced by the lack of clarity on who carried out these latest attacks. Foreign Policy's David Hoffman writes, "In the nuclear arms race, we knew a lot about our adversaries, if not everything. We set up early warning systems that could track a missile trajectory. We knew where the enemy silos were located. We established 'counterforce' targets that could hit those silos with great precision... The offensive cyber battlefield promises to be far more chaotic than in the nuclear arms race, with many smaller players and non-state actors."