August 3, 2011; Source: Reuters | Wow! For those of us old enough to remember Watergate, where the sleuthing required an old-fashioned B&E to photograph documents, life has really changed. The computer security company McAfee has issued a 14-page report (apparently delivered at or in coordination with “Black Hat Conference” of cyber-sleuths) describing what is being called the worlds largest “global hack” ever: a 5-year series of cyber attacks infiltrating 72 organizations, including the United Nations, governments, and . . . nonprofits.
It dubbed the hacking “Operation Shady RAT” (RAT standing for “remote access tool”), and traced its beginnings to 2006.
McAfee won’t say who is behind the operation, but it did say that the attacks were organized by one “state actor.” Most experts think the hacking sponsor is China. As reported by Reuters, the International Olympic Committee and the World Anti-Doping Agency are among the nonprofits that suffered intrusions.
NPQ looked at the McAfee report, which seems to suggest that among the hacking victims were five “international sports” organizations, two think tanks, one “political non-profit,” and one “U.S. national security non-profit.” Forty-nine of the 72 hacked entities are U.S.-based. These aren’t all quick “smash-and-grab” operations. Although some of the intrusions were only one month long, at another, unnamed (Asian) Olympic committee, the hackers were there on and off for 28 months.
McAfee’s VP of threat research and author of the McAfee report Dmitri Alperovitch wrote that the firm was “surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators.”
We keep hearing about the nation’s vulnerability to Internet hackers constituting the defense threat of the future. McAfee’s report might be the unwitting documentation of what could turn into America’s longest war, with no place to withdraw from or to. Should nonprofits be afraid, too?—Rick Cohen