Tuesday, August 16, 2011

Thoughts on the Operation Shady Rat

Let it be known that the year 2011 is best described as the Year of the Hackers. And I know, one way or another you will agree or disagree with me. But hey! The media publicized these sophisticated security attacks targeting the CIA, the US Senate, Sony, PBS, the Philippine Congress, and the list continues. All of these attacks are attributed to hacker groups such as AntiSec, Anonymous and LulzSec.
What is very surprising about these groups is that most of their members are teens, just like Topiary, who recently posted bail.
These attacks and this media whoring existed in the past too, but it is only now that they have become the center of attention and, worse, gained a lot of followers watching for their next target, as most of these groups have their own pages on Facebook and Twitter.
In other news, Dmitri Alperovitch, Vice President of Threat Research at the cyber-security firm McAfee, recently posted a blog entitled “Revealed: Operation Shady Rat”, which demystified a five-year hacking campaign that infiltrated the computer systems of national governments, global corporations, oil companies, and other profit and non-profit organizations. The campaign hit 72 targets, making it perhaps the largest concerted hacking attempt in history, McAfee said. Government agencies in India, South Korea, Taiwan, and the U.S. were also attacked, plus high-profile targets like the International Olympic Committee.

I have been quiet for a couple of days because of constant research on this unprecedented cyber-espionage campaign, which was discovered in the year 2006 through the logs discovered by McAfee. In fact, some people blame China and Russia for this espionage, but it should be noted that McAfee disclaimed that China or Russia is responsible for it, and that they also declined to reveal where the “Shady RAT” came from.

I’m not really sure who suggested that China should be blamed for this, but I think Chinese hackers were blamed because of the information gathering they have done recently. It is said that in past years they have stolen highly confidential information kept secret in supercomputers in the US. But the Chinese government denied its involvement in the said campaign.

Some people may also say that it’s the Russian government because of the unforgotten Cold War with the US, but then again it is really unfair to point our fingers at Russia and China given the insufficient evidence against them. All countries are innocent until proven guilty.

I guess McAfee has unleashed a new media storm because of their discovery, which goes back to 2006. Their rival company, Symantec, also posted its own analysis of the campaign and was skeptical of its impact. "Is the attack described in Operation Shady RAT a truly advanced persistent threat? I would contend that it isn’t, especially when you consider the errors made in configuring the servers and the relatively non-sophisticated malware and techniques used in this case," Symantec's Hon Lau wrote in a blog post.

"Sure the people behind it are persistent but no more than the myriad of other malware groups out there such as Zeus, Tidserv, and others like them," said Lau.

It is highly controversial and questionable that McAfee discovered this campaign before any other antivirus company or government agency; could it possibly be an excuse to put the blame on China? Of that I’m not sure, and I keep my hands off this case.

To our valued readers, I’ll leave room for your opinions and views regarding this campaign. If you ask me, I have 60% trust in this revelation. Whether this is true or not, there are questions that will cloud our minds. So are we ready for this cyber espionage and cyber terrorism?
The Philippines is not included in the list, but who knows?

About the Contributor:
Shipcode is an InfoSec enthusiast from Cebu. During his high school days he was just an ordinary script kiddie. He loves to search for web exploits and other issues concerning network / wireless security.

ROOTCON is managed by like minded InfoSec professionals across the Philippines.