Nonprofits Targeted in the World’s Biggest Hacking Campaign

Print Share on LinkedIn More

August 3, 2011; Source: Reuters | Wow! For those of us old enough to remember Watergate, where the sleuthing required an old-fashioned B&E to photograph documents, life has really changed. The computer security company McAfee has issued a 14-page report (apparently delivered at or in coordination with “Black Hat Conference” of cyber-sleuths) describing what is being called the worlds largest “global hack” ever: a 5-year series of cyber attacks infiltrating 72 organizations, including the United Nations, governments, and . . . nonprofits. 

It dubbed the hacking “Operation Shady RAT” (RAT standing for “remote access tool”), and traced its beginnings to 2006. 

McAfee won’t say who is behind the operation, but it did say that the attacks were organized by one “state actor.” Most experts think the hacking sponsor is China. As reported by Reuters, the International Olympic Committee and the World Anti-Doping Agency are among the nonprofits that suffered intrusions. 

NPQ looked at the McAfee report, which seems to suggest that among the hacking victims were five “international sports” organizations, two think tanks, one “political non-profit,” and one “U.S. national security non-profit.” Forty-nine of the 72 hacked entities are U.S.-based. These aren’t all quick “smash-and-grab” operations. Although some of the intrusions were only one month long, at another, unnamed (Asian) Olympic committee, the hackers were there on and off for 28 months.  

McAfee’s VP of threat research and author of the McAfee report Dmitri Alperovitch wrote that the firm was “surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators.” 

We keep hearing about the nation’s vulnerability to Internet hackers constituting the defense threat of the future. McAfee’s report might be the unwitting documentation of what could turn into America’s longest war, with no place to withdraw from or to. Should nonprofits be afraid, too?—Rick Cohen

  • Matt

    Rick–Is there public access to the McAfee report?

    As you likely already know, an Iowa church was hacked this summer, likely by hackers overseas. The church had $680,000 stolen electronically.

    For nonprofits that manage any donor info online or handle any funds electronically, the need to take this threat seriously.


  • rick cohen

    The link to the McAfee report is in my newswire above. It was a bit hard to find, actually, but I did track it down.