In what security experts believe may be the largest coordinated attack ever launched, hackers have for at least five years infiltrated the computer networks of thousands of companies, organizations and governments, stealing reams of intellectual property, military information and state secrets.
The perpetrators probably belong to a government-sanctioned group from either Eastern Europe or East Asia, according to security analysts. The hackers not only broke in but remained embedded in the computer systems, quietly siphoning secret data for years.
"Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," Dmitri Alperovitch, vice president of threat research at Internet security firm McAfee Inc., wrote in a 14-page report released last week. The theft of so much valuable information "represents a massive economic threat," he said.
The attacks are part of what analysts see as a rapidly expanding international cyber threat that few companies or governments can adequately defend against and which costs U.S. industries and taxpayers tens of billions of dollars every year in lost information, labor and legal fees. One research institute estimated that so far in 2011, companies have spent $96 billion on security breaches.
McAfee, which discovered the operation, did not identify the perpetrators, but many analysts said China had frequently been associated with such cyber attacks, including one in 2009 that hit Google Inc. and helped persuade the company to shut down its search engine operation in that nation. In this instance, signs that a "state actor" were behind the breaches included the hacking of various nations' Olympic committees in the run-up to the 2008 Olympics.
"There is likely no commercial benefit to be earned from such hacks," McAfee said.
The Internet security firm was able to identify at least 72 companies, organizations and governments that came under attack, including a county government in Southern California, six U.S. federal agencies, more than a dozen defense contractors, as well as multinational corporations and the United Nations. McAfee believes thousands of other networks that it could not identify were hit by the same group based on digital signatures found on compromised servers used to launch the attacks. The company released the names of only a small number of the targets.
In the case of the United Nations, the intruder was able to camp out in the computer system and had access to files kept by the secretariat in Geneva for nearly two years.
"What is happening to all this data ... is still largely an open question," Alperovitch said. "However, if even a fraction of it is used to build better-competing products or beat a competitor at a key negotiation (because of having stolen the other team's playbook) the loss represents a massive economic threat."
Attackers seemed to pay special attention to government agencies and manufacturing and technology firms in Asian countries, which some analysts saw as further evidence suggesting that China was the culprit.
"One of the things that points to China is the extent of the attention to Taiwan, South Korea and Japan," said Scott Borg, executive director of the U.S. Cyber Consequences Unit, a Washington think tank that examines cyber events and collects confidential information from attack victims. "For language and other reasons, the Russians are much more inclined to go after Western Europe and the U.S."
Borg said "catch-up" economies like China derive part of their growth from copying other nations' technical achievements, many of which they purloin through industrial espionage, he said. China has vehemently denied that it sanctions hack attacks.
"They are not stealing just what people ordinarily think of as priority information," Borg said. "They are stealing all of the information: The customer lists, the supplier lists, the bidding levels, all the business communications, all of the business processes, all the schematics and layouts, all of the control settings for every valve, switch, temperature and pressure."
A study released last week by the Ponemon Institute, a research group that studies Internet security, found that cyber attacks are happening more frequently and are costing companies more money each year.
The study, which looked at 50 large U.S. companies with more than 1,000 employees, found that companies were hit by at least one successful attack every week. The price of cyber attacks is rising as well: Companies are now paying close to $5.9 million a year to remedy attacks, up from $3.8 million last year.
McAfee said attackers gained control of computer systems through relatively simple means -- generally by tricking employees into opening infected emails. If an employee with enough access to computer systems opens a bad email, it can trigger his or her computer to download malicious software that can give hackers a "back door" into the entire computer system.