How it played out
The storm of media interest was sparked at 9.14pm, Tuesday night US time, August 2, when the original blog post and research report were released by McAfee researcher Dmitri Alperovitch. The first media article appeared in Vanity Fair, which was given the story first as a web exclusive.
Many thousands of other media outlets then ran with the story on the following day (Wednesday), typically summarising the research report, with many claiming it to be the biggest cyber attack in history. Many also pointed the finger of blame squarely at China, without any real evidence. Jim Lewis, a cyber expert with the Center for Strategic and International Studies who was briefed on the hacking discovery by McAfee, said it was very likely China was behind the campaign because some of the targets had information that would be of particular interest to Beijing. "Everything points to China. It could be the Russians, but there is more that points to China than Russia," Lewis said.
The facts of the case, as presented by McAfee's report
- Botnet-like malware communicating with a single C&C (Command and Control) server was found on the 72 infected computers.
- A variety of different exploits were used to gain access to the victims' computers, largely through spear-phishing-type attacks.
- 72 organisations were identified across a swathe of areas including government, industrial, technology, defense, sporting, corporate and non-profit NGOs.
- 49 of the victims were from the USA.
- There was no evidence presented of any specific or important data being lost.
- There was no mention of the total number of unique IP addresses that were found to be infected.
As Graham Cluley of Sophos' Naked Security Blog stated, "What the report doesn't make clear is precisely what information was stolen from the targeted organisations, and how many computers at each business were affected." Cluley decried the way the media has rushed to blame China for the attacks. "I don't think we should be naive. I'm sure China does use the internet to spy on other countries. But I'm equally sure that just about *every* country around the world is using the internet to spy. Why wouldn't they? It's not very hard, and it's certainly cost effective compared to other types of espionage," he wrote.
Hon Lau from Symantec has poured cold water on the "biggest cyber attack" headlines surrounding the case: "While this attack is indeed significant, it is one of many similar attacks taking place daily." He also outlines the way the attackers used spear phishing to target individuals, typically through email attachments including Word documents, Excel documents, PDF files or PowerPoints. "These files are loaded with exploit code, so that when the user opens the file the exploit code is executed, resulting in the computer becoming compromised," he wrote.
One thing is for sure: it may not have been the biggest cyber attack in history, but it is certainly one of the most successful infosec media releases ever made, and for that McAfee must be congratulated. At least it has again focused some much-needed media attention on such an important topic.