27°C | Light rain
Aug 5, 2011
A US news organisation in Hong Kong was hacked for nearly two years as part of the biggest global theft of information in history, according to internet security experts.
The UN, US government and Asean secretariat were also hit, with the finger being pointed at Beijing.
In what internet security firm McAfee dubbed Operation Shady RAT, 72 targets in 14 countries were hit over at least five years, most of them in the US.
This included defence contractors, federal and state governments, and think tanks.
Dmitri Alperovitch, vice-president of threat research at McAfee, said in a report that the attacks were all part of a single operation and the choice of targets "potentially pointed a finger at a state actor". The main culprit is believed to be China.
The way the intruders got in was simple: a "spear-phishing" e-mail which when opened downloaded malware that opened up a channel between the hacked computer and the hackers, allowing them to find and extract the data they wanted.
"What is happening to all this data is still largely an open question," Alperovitch said. "The loss represents a massive economic threat ... not to mention the national security impact of the loss of sensitive intelligence or defence information."
The Washington Post reported that the news agency in Hong Kong, which was compromised for 21 months with its office in New York also infiltrated for eight months, was The Associated Press. That agency is one of three news bureaus in town with a headquarters in New York, fitting the description in the McAfee report. The others are Bloomberg and The Wall Street Journal.
The AP offices in Hong Kong and Beijing could not be reached for comment. The Journal refused to comment.
Mak Yin-ting, chairwoman of the Hong Kong Journalists Association, said there were fears that anonymous sources, often whistle-blowers of malpractice and corruption, would hold back from speaking to the media if they knew their identities might be exposed by hackers.
"As a media organisation we contact many different people and we have rich sources of information. So we are more vulnerable [to hacking]," Mak said.
Eight of the 14 areas attacked were in Asia. Targets included the governments of India, South Korea and Taiwan. The report said that the choice of other targets - the international and national Olympic committees and the World Anti-Doping agency around 2008, a Western non-profit group promoting global democracy and the Asean secretariat - potentially pointed to a state actor because "there is likely to be no commercial benefit to be earned from such hacks".
James Lewis, a cybersecurity expert at the Centre for Strategic and International Studies in Washington, said: "You can think of at least three other large programs attributed to China that look very similar. It's a pattern of activity that we've seen before."
But Professor Li Chuanfeng , a researcher with the Key Laboratory of Quantum Information at the Chinese Academy of Sciences, said data leaks were inevitable. Intercepting digital packets required only simple tools and a fast enough super computer could decipher the encryption of information in any civilian, and sometimes military, sector, he said.
Li said that many governments and private groups had exploited these loopholes for decades. Compared to developed countries, China was a latecomer.
"The United States government is the biggest robber and thief in cyberspace. I have not heard of any argument about that."
Tang Wei , a senior technology engineer with Rising, one of the biggest anti-virus and network security companies on the mainland, said he doubted the reliability of McAfee's data. He said McAfee had a big market share in most of the compromised countries but countries apparently exempt from the attacks, such as Russia and the mainland, did not give the company much business.
But Alperovitch said there were no exceptions as to who gets hacked.
Copyright (c) 2011. South China Morning Post Publishers Ltd. All rights reserved.