The Public Eye with Eric Chabrow

Shady RAT Casts Shadow Over Society

5-Year-Long Hack Shows Interconnectivity of IT.
Shady RAT Casts Shadow Over Society

What Operation Shady RAT reminds us is not just how vulnerable our IT systems are, but how interconnected we are as a global society, and the fundamental role information technology plays.

Operation Shady RAT is what information security provider McAfee dubbed its research into a five-plus-year, advanced persistent threat perpetrated by what it characterizes as a "state actor." McAfee isn't identifying that state actor, but suspicion falls on China (see Is China the Nation Behind Shady RAT?).

Among the most significant findings of the study is that the hackers targeted 70 organizations from government and six other sectors situated in 14 different countries. That astonished the author of the study, Dmitri Alperovitch. "After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," the McAfee vice president of threat research wrote in the paper.

Why should it be so surprising? Take a look at this table from the study and you'll see clear links among many of the victims and their interconnectivity with one another and why the information they hide behind their firewalls would be of interest to the attacker.

Let's assume that conventional wisdom is correct, and the attackers are from and/or backed by the Chinese government.

The largest category, government, shows target nations that China sees as its primary global and regional competitors, led by the United States, but also including Canada, India, South Korea, Taiwan and Vietnam as well as the United Nations. The digital espionage appears focused on gaining intelligence to help China boost its military might. Targeting the likes of defense contractors as well as high-tech-related sectors seems logical.

"The key to these intrusions is that the adversary is motivated by a massive hunger for secrets and intellectual property; this is different from the immediate financial gratification that drives much of cybercrime, another serious but more manageable threat," Alperovitch wrote.

Seeking Smarts to Be Competitive, Boost Image

China's economy is among the fastest growing in the world. Though it has slowed a bit the past year or so, the annual growth rates hovers just below 10 percent. No wonder it targeted companies in construction, energy, real estate, solar power and steel.

And, as a growing global political influencer, it's seeking to boost its image. In the midst of these hacks, China was preparing for and hosted the 2008 Summer Olympics. Among its targets: five international sports organizations. "The interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks," Alperovitch wrote.

To compete globally, companies and even governments must master a wide range of disciplines. And it would be naïve to think that gaining this knowledge - this intelligence - would be acquired on the up-and-up. Furtive use of IT isn't uncommon, as the McAfee paper observes: "We know of many other successful targeted intrusions that we are called in to investigate almost weekly, which impact other companies and industries."

In Shady RAT, the amount of data pilfered has reached petabytes, as Alperovitch pointed out, adding that "if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation, the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world, not to mention the national security impact of the loss of sensitive intelligence or defense information."

Shady RAT and its still-unknown digital assailants are just more contributors to what is certain to be a rocky, global economic and political environment in an interconnected world in the coming years. As Alperovitch put it: "This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don't have anything valuable or interesting worth stealing."



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.