‘Shady RAT’: Five years of hacking organizations and governments

An unnamed country coordinated the largest cyber-espionage attack in history, targeting the United Nations, the International Olympic Committee, ASEAN and the World Anti-Doping Agency, Vanity Fair reported Monday. Some of the attacks lasted less than a month; others continued for two years.

Dubbed “Operation Shady RAT,” the clandestine effort compromised trade secrets and captured sensitive government information from 72 global organizations over a five-year period. “RAT” is short for Remote Access Tool.

Starting in 2006, writes Vanity Fair reporter Michael Joseph Gross, Shady RAT gained illicit access to various “government secrets, e-mail archives, legal contracts, negotiation plans for business activities, and design schematics.”

The cyber-security firm McAfee uncovered the online attack and believes the security breaches may threaten the national security and economies of several countries.

“It’s clear from this and other attacks we’ve been witnessing that there is an unprecedented transfer of wealth in the form of trade secrets and I.P. [intellectual property], primarily from Western organizations and companies, falling off the truck and disappearing into massive electronic archives,” said Dmitri Alperovitch, McAfee’s vice president of threat research.

“What is happening to this data?” Alperovitch asked. “Is this being accumulated in a giant, Indiana Jones–type warehouse? Or is it being used to create new products? If it’s the latter, we won’t know for a number of years. But if so, it’s not just a problem for these companies, but also for the governments of the countries where these companies are located, because they’re losing their economic advantage to competitors in other parts of the world overnight. That is a national-security problem, insofar as it leads to loss of jobs and lost economic growth. That’s a serious threat.”

So far, few — including McAfee — will publicly speculate on where the attacks originated. Some security experts, however, believe the breaches are somehow connected to China.

In an interview with The Washington Post, Center for Strategic and International Studies cybersecurity expert James A. Lewis cited the attack’s emphasis on Taiwan and Olympic organizations in the run-up to the Beijing Games in 2008.

“This isn’t the first [attack] we’ve seen,” he said. “This has been going on from China since at least 1998.”