Massive Campaign of Cyber Spying Uncovered

August 4, 2011 at 12:00 AM EDT
The public learned this week of a five-year, high-level hacking campaign that infiltrated computer systems of more than 70 governments, corporations and public and private organizations in 14 countries. Margaret Warner discusses the hack, uncovered by McAfee, with Vanity Fair's Michael Joseph Gross, who broke the story.

JEFFREY BROWN: Now, a newly discovered cyber-attack on U.S. and international systems.

Margaret Warner has the story.

MARGARET WARNER: For at least five years, a high-level hacking campaign infiltrated the computer systems of more than 70 governments, corporations and public and private organizations in 14 countries. So says the Internet security firm McAfee, which uncovered the massive campaign and dubbed it Operation Shady RAT.

A summary released by McAfee yesterday identified — identified the perpetrator only as one specific state actor.

The story became public Tuesday through reporting in Vanity Fair by Michael Joseph Gross. And he joins us now.

And, Michael Gross, thank you for being with us.

MICHAEL JOSEPH GROSS, Vanity Fair: Thanks, Margaret.

MARGARET WARNER: This operation sounds breathtaking in its scope.  

Give us a sense. Flesh that out for us. How widespread was it? What kind of information were they going after? Who was targeted?

MICHAEL JOSEPH GROSS: This is an unprecedented campaign of cyber-espionage, demonstrates with absolute clarity now that there are just two kinds of organizations, those that have been compromised and those that haven’t, as Dmitri Alperovitch, the guy who discovered this campaign, has often said.

What happened is, they went into more than 70 organizations, everything from the International Olympic Committee to giant corporations, to tiny nonprofits, in 30 different organizational categories in 14 countries. They took out government secrets, design schematics, legal contracts, negotiation plans for business deals, every kind of sensitive information you can think of.

In many cases, these organizations were compromised for at least a year, in some cases, more than two years. And there’s a really interesting pattern to the evolution of the attacks that suggests where they may have come from.



There are — in the run-up to the Olympic Games, they started — the 2008 Olympic Games — these attackers started turning their attention to national Olympic committees and to the IOC.

MARGARET WARNER: And this was in Beijing, of course, the Games, just to remind people.


The list of victims includes 49 in the United States and many in almost every Southeast Asian country. Almost every organization is known to be of interest to China, but there wasn’t a single victim in the People’s Republic itself.

MARGARET WARNER: So what you’re describing is not just cyber-espionage, but also cyber-theft…


MARGARET WARNER: … theft of really valuable information, valuable economically and politically.


This is — you know, it’s interesting to be having this conversation today, on the day the Dow takes this massive drop, because what we’re talking about when we talk about the theft of this information is the theft of our economic competitiveness. This is the theft of the potential that we have to get back up to speed.

We don’t know what’s happening to this information yet. And we won’t know for a few years, whether it’s being used to engineer new products. But by the time we figure that out, if that is indeed the case, it will be too late.

MARGARET WARNER: And, just briefly, this is quite different, then, than the very well-publicized hacking that came out a few months ago into, whether it was the Senate website, CIA website, the PBS website. This is a different quality.


Again, Alperovitch, the guy who discovered these attacks, told me that it’s been very frustrating for him all spring to be watching the news of this Anonymous and LulzSec activity, because so much of it is just nuisance. They’re just defacing websites. That’s the sideshow. That’s the sideshow. And this is the main event.

MARGARET WARNER: So, how did McAfee, the security company, get on to it? And what — what did they do with it once they realized what was going on?

MICHAEL JOSEPH GROSS: In 2009, one of their clients, a defense contractor, noticed some unusual traffic.

And when McAfee looked at it, they realized that they were being attacked by a never-before-seen species of malicious software. When the victims would click on a link to a Web page, malware would be loaded on to their computer which would give the attackers privilege — or allow the attackers to open a back door, take privileges, get access to information in the system, and begin exfiltrating it, pulling it out.

McAfee closed down the link to that server, the server to which the stolen information was going, immediately, so its clients were blocked from connecting there. But — but, you know, for those who have chosen not to accept information about these attacks, which is — several of the victims actually seem to be quite determined not to confront this problem, the attacks are ongoing and the theft continues.

MARGARET WARNER: So, in other words, some — though McAfee notified all 72 organizations, some didn’t even take their offer of help, and this server, wherever it is, is still up and running?


McAfee is working with government agencies to try to get it shut down. But there are a lot of jurisdictional and procedural issues that make that a complicated and lengthy process. In at least two cases, I found that, even after McAfee had alerted the victims, when I called the press representatives for those victims, that they had not heard anything about this.

And, as I say, in at least some of these cases, the attacks are ongoing and folks have refused to take help in addressing the problem.

MARGARET WARNER: And, just very briefly, has the U.S. government said anything in response?

MICHAEL JOSEPH GROSS: I believe Jay Carney did — the White House spokesman — did make some comments about this in a press conference. I believe it was today. But that’s just hearsay from a hacker convention that I’m attending here in Vegas.

I do know that McAfee has been briefing Congress, the White House, other executive agencies. And I received a statement from Sen. Feinstein, the head of the Senate Select Committee on Intelligence, expressing her extreme concern after reading this report.

MARGARET WARNER: Well, more to come.

Michael Joseph Gross, thank you so much, and good reporting.