In what security experts believe may be the largest coordinated attack ever launched, hackers have for at least five years infiltrated the computer networks of thousands of companies, organizations and governments, stealing reams of intellectual property, military information and state secrets.
The perpetrators probably belong to a government-sanctioned group from either eastern Europe or east Asia, according to security analysts. The hackers not only broke in but remained embedded in the computer systems, quietly siphoning secret data for years.
"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," Dmitri Alperovitch, vice president of threat research at Internet security firm McAfee Inc., wrote in a 14-page report released Wednesday. The theft of so much valuable information "represents a massive economic threat," he said.
The attacks are part of what analysts see as a rapidly expanding international cyber threat that few companies or governments can adequately defend against, and which costs U.S. industries and taxpayers tens of billions of dollars every year in lost information, labor and legal fees. One research institute estimated that so far in 2011, companies have spent $96 billion on security breaches.
McAfee, which discovered the operation, did not identify the perpetrators, but many analysts said China had frequently been associated with such cyber attacks, including one in 2009 that hit Google Inc. and helped persuade the company to shut down its search engine operation in that nation. In this instance, signs that a "state actor" was behind the breaches included the hacking of various nations' Olympic committees in the run-up to the 2008 Olympics.
"There is likely no commercial benefit to be earned from such hacks," McAfee said.
The Internet security firm was able to identify at least 72 companies, organizations and governments that came under attack, including a county government in Southern California, six U.S. federal agencies, more than a dozen defense contractors, as well as multinational corporations and the United Nations. Based on digital signatures found on compromised servers used to launch the attacks, McAfee believes thousands of other networks that it could not identify were hit by the same group. The company released the names of only a small number of the targets.
The U.S. engages in cyber-espionage too, former Bush administration advisor Richard A. Clarke said in an interview Wednesday. But U.S. officials are focused on national security rather than gaining trade secrets that could give the nation's industries an edge.
"If they want to hack our Pentagon and we want to hack their ministry of defense to find out what the latest war plans are, that's all fine," said Clarke, who last year wrote the book Cyber War. But it's a different story "when you start stealing all the research and development that we pay for and then you run out and do it for nothing."