Tuesday, August 16, 2011

Shady RAT

Our computer networks, banking, commerce, entertainment and government, have been infiltrated

While we've been watching our economy crumble and Europe burn, McAfee has announced the discovery of a gigantic and scary computer hack, dubbed Shady RAT. For the past five years, it has been penetrating financial and government systems, stealing information and propagating itself.

Unlike the attacks we are used to hearing about, this operation is stealthy and does no overt damage. The perpetrators don't want chaos; they want constant, undetected access to private data and government secrets. The details released to the public remain sketchy, and China is the prime suspect.

I've pinged a few of my friends who work in computer security. Obviously, they couldn't reveal anything classified, but they told me what they legally could and steered me to some publicly available information. Friend #1 focuses on the technical details, while Friend #2 explains the international intelligence intrigue aspect.

Here's network security expert #1, explaining what Shady RAT is:
In summary, entire web servers are compromised first, then used to infect users who visit the MANY websites these web servers host, so it can reach out to standard web browsers on a desktop PC or laptop, mobile phones browsing those sites, and even VPNs connecting in.

Companies that have the right security can detect these kinds of things going on if they care, but many are still turning a blind eye to them. Remember the words in the original Shady RAT report? Those that know they've been compromised and those that don't yet know, OR, I add, don't care enough yet because they won't allow little incidents to hurt the business...
How does it happen?
The hacker communities are able to constantly exploit software vulnerabilities at the code level because companies refuse to do the right thing in producing 100% safe and secure software. Web pages on the Internet have become a primary medium for hackers to get malicious code onto a person's PC via the web browser. This is accomplished by mixing executable code with static content like HTML. If a person visits a bad website, their browser can become infected in seconds. The ever-increasing clueless user base creates a huge target and makes it easy to pull in victims.

Email is also a primary threat vector because a single spear phishing attack can create a backdoor on a person's PC with an easy outgoing connection controlled from the Internet. A spear phishing attack is a favorite technique because it is so effective. The hacker community has been able to find the successful mix of human ignorance and software weaknesses, and the primary motive is of course money.
Here's what network security expert #2 said, addressing the international intrigue...
Remember that huge snowball fight we had at the barracks at Holloman? That's what cyber warfare has turned out to be. A few guys tossing at each other, then whole squadrons in a toss-fest (Asia, Europe, Israel, Russia, and America), then all ganging up on the Security Police dorms (USA), until a beefy NCO comes out to tell us to knock it off or go to jail (NSA, FBI, and CyberCom).

Wayne Madsen has written about the massive private data breaches that have been going on for the last several years. He fingers the NSA, his former employer. I'm not entirely convinced.
He told me he could not talk about Shady RAT, but he closed with this...
Suffice it to say there are many players in this game and intrusions that do not have a monetary motive belong to governments. That's my guess. Follow the national interest in each penetration and you can finger a potential perp.
Bottom line: just as you wouldn't wander into a strange neighborhood, stay away from strange links, and don't open e-mails from strangers; delete them. And your on-line banking may not be as safe as you thought. Finally, why did a private company find this, and not the federal government's billion-dollar bureaucracy?

McAfee - Shady Rat White Paper
Security Through Obscurity
What is Night Dragon?