Shady Rat

  • Published : April 30, 2012
Operation Shady Rat
Research Project

On August 2nd, 2011, McAfee released a white paper titled Operation Shady RAT to the public. The report, “an investigation of targeted intrusions into more than 70 global companies, governments, and non-profit organizations during the last five years,” serves as yet another wake-up call asking for an increased focus on security, and fast (Alperovitch, 2011, pg1). The report lists intrusions into major organizations over the past five years, all conducted through a single command and control server (one group of hackers), including the dates of infection and removal (the length of time each intrusion went unnoticed).

The attacks themselves used spear-phishing techniques that are by now standard. Apparently legitimate e-mails with attachments are sent to an organization's employees, and those attachments contain exploit code that compromises the employee's system. These exploits are typically zero-day attacks. With a PC now compromised, the hackers can install RAT software on the victim PCs to allow long-term monitoring, collection of credentials, network probing, and data exfiltration. McAfee says that the total data stolen through these attacks amounted to petabytes. Where it has gone and who has used it remains unknown.

The main problem surfaced by the report is that it calls into question the reliability of major organizations, such as our government, that are unable to secure their own networks. I share a very similar view to that of Dmitri Alperovitch, Vice President and threat researcher of McAfee, concerning the current state of security. “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2,000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.”...