Hacking Campaign Targets U.S. Government, Signs Point to China

A massive hacking operation dubbed "Operation Shady RAT" has compromised servers around the world for an array of national governments, private companies, and nonprofit organizations, Vanity Fair reports this month in a lengthy investigative piece.

McAfee, the Internet security firm, discovered the cyber-espionage campaign in 2009 after one of its clients—a U.S. defense contractor—reported suspicious activity on its network.

The revelations depict one of the most comprehensive and devastating hacking attacks ever uncovered, with more than 70 victims in 14 countries. Among the campaign's targets were the governments of the United States, Taiwan, South Korea, Vietnam, and Canada. Private and nonprofit firms were also victims, including the Associated Press, according to a security expert who was briefed on the intrusions.

In its report on the hacking, McAfee declined to specify who was responsible for the attacks. But James A. Lewis, a cyber-espionage expert, explained that the most likely candidate is China. "All the signs point to China," he said. "Who else spies on Taiwan?"

The International Olympic Committee was also on the target list during the run-up to the Beijing Games in 2008, another sign, Lewis explained, that China was the likely perpetrator.

According to Dmitri Alperovitch, the vice president of threat research at McAfee, a hacking operation often originated with an innocuous-looking email containing a link, which was sent to members of the network. When a user clicked on the link, a malicious program automatically loaded onto the user's server and began extracting data. In some cases, according to the McAfee report, targeted organizations remained compromised for as long as two years.