Long before the saga of News of the World phone hacking began, stories of computer breaches were breaking almost every week. In recent months, Sony, Fox, the British National Health Service, and the Web sites of PBS, the U.S. Senate, and the C.I.A., among others, have all fallen victim to highly publicized cyber-attacks, says Vanity Fair.
Many of the breaches have been attributed to the groups Anonymous and LulzSec. But Dmitri Alperovitch, vice president of threat research at the cyber-security firm McAfee, says that for him, “it’s been really hard to watch the news of this Anonymous and LulzSec stuff, because most of what they do, defacing Web sites and running denial-of-service attacks, is not serious. It’s really just nuisance.”
“Just nuisance,” that is, compared with a five-year campaign of hacks that Alperovitch discovered and named Operation Shady rat—a campaign that continues even now, and is being reported for the first time today, by vanityfair.com.
Operation Shady rat ranks with Operation Aurora (the attack on Google and many other companies in 2010) as among the most significant and potentially damaging acts of cyber-espionage yet made public, according to Alperovitch. Operation Shady rat has been stealing valuable intellectual property (including government secrets, e-mail archives, legal contracts, negotiation plans for business activities, and design schematics) from more than 70 public- and private-sector organizations in 14 countries.
Security company McAfee, which uncovered the intrusions, said it believed there was one “state actor” behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.