Shady RAT: The biggest ever cyber-attack?

The media are in a frenzy today, excitedly reporting the “biggest ever cyber-attack”.

The reason? A report published today by McAfee called “Revealed: Operation Shady RAT”, explains that the security firm stumbled across logs on a server used by hackers, and ascertained that organisations and governments around the world had been targeted by malware that could have stolen information from their systems.

The report names the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada, the United Nations, the International Olympic Committee (IOC), and assorted companies amongst the victims.

To be honest, there’s nothing particularly surprising in McAfee’s report to those of us who have an interest in computer security.

For instance, we already all know that companies get targeted by hackers, who install malware to gain remote access to their computers and data. And we already all know that there are motivations for hacking which extend beyond purely financial (for instance, IP theft, economic, political, etc motivations).

What the report doesn’t make clear is precisely what information was stolen from the targeted organisations, and how many computers at each business were affected.

I can’t help but feel that we can’t call “Operation Shady RAT” (McAfee’s name, by the way) the biggest ever cyber-attack without having questions like those answered.

After all, just last week we saw personal information stolen from 35 million social networking users in South Korea.

So what? you might say.

Well, there are only 48 million people in total who live in South Korea.

In other words, almost three quarters of the South Korean population suffered at the hands of hackers last week.

It’s hard to compare 35 million victims in South Korea (where we know what information was lost) with the 72 companies McAfee details in its report (where we don’t know what information was stolen), and say one was more important than the other.

From my reading of the “Shady RAT” report it’s unclear whether the analysis of the hackers’ logs was able to differentiate between when a junior employee’s computer was infected with malware, and when a PC belonging to someone in a more senior position was compromised.

The seriousness of the two security breaches would be very different.

Furthermore, the report (quite rightly, in my opinion) refuses to name who it believes is responsible for the hack. Nevertheless, the media have leapt to the conclusion, with a nudge and a wink, that it simply must be China.

Despite the lack of any evidence in the report that it is China.

I don’t think we should be naive. I’m sure China does use the internet to spy on other countries.

But I’m equally sure that just about *every* country around the world is using the internet to spy. Why wouldn’t they? It’s not very hard, and it’s certainly cost effective compared to other types of espionage.

McAfee has got itself some great headlines by releasing this report just as the BlackHat security conference begins in Las Vegas. Fair play to them – it’s quite an art to get widespread coverage in mainstream press, such as Vanity Fair, for your technical reports.

McAfee’s PR team are skilled operators in this regard (there was similar coincidental timing when they issued their “NightDragon” investigation as the RSA Conference opened in February this year).

But McAfee’s skill at making headlines doesn’t mean that we shouldn’t learn any lessons from their investigations.

No organisation should let its defences drop. Take security seriously, train and educate your staff, and put the right protection in place to reduce the chances of your firm being the next victim.