Skip to main content

UN among victims of biggest series of cyber attacks ever

united nations building in nycNews of yet another computer security breach has emerged which appears to be so monumental that the word ‘hack’ seems inadequate – how about a mega-hack? Or simply a thwack?

According to a Reuters report on Wednesday, security company McAfee believes it has uncovered the largest series of cyber attacks yet, with 72 big organizations from around the world hit. McAfee said it thought a single “state actor” perpetrated the intrusions, and though it refused to name names, Reuters said that “one security expert who has been briefed on the hacking said the evidence points to China.”

Among the victims are the governments of the US, Taiwan, India, South Korea, Vietnam and Canada; the United Nations; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and a large number of companies, including those in the defense and high-tech industries.

The ongoing attacks are believed to have been carried out over a period of five years, beginning in 2006. McAfee discovered the extent of the intrusions in March of this year.

The company said that hackers had, for example, infiltrated the computer system of the UN Secretariat in Geneva three years ago, hiding undetected for some two years while secretly examining vast swathes of confidential data.

McAfee believes some of the security breaches lasted a month while one, on the Olympic Committee of an unnamed Asian nation, continued sporadically for almost two-and-a-half years.

In a report issued by McAfee on Wednesday that was examined by Reuters, Dmitri Alperovitch, the security company’s vice president of threat research, wrote: “This is the biggest transfer of wealth in terms of intellectual property in history. The scale at which this is occurring is really, really frightening. Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators.”

He continued: “What is happening to all this data … is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat.”

And evidently in no mood to mince his words, he added: “Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors.”

All of the victims have been notified by McAfee and are now in touch with local law enforcement agencies.

Recent cyber attacks by hacking groups Anonymous and LulzSec have been getting a lot of attention, but they somehow pale into insignificance when put up against the scale of this latest, more sinister, mass security breach, carried out by what McAfee is calling one “state actor.”

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Hackers may have stolen the master key to another password manager
keepass master password plain text vulnerability open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more
This clever browser extension could banish viruses for good
A person using a laptop on a desk with a web browser showing the HubSpot marketplace on their screen.

With all the viruses, phishing scams and other malware lurking on the internet, using a web browser can be risky business these days. But one firm thinks it could make your web surfing much safer without adding any hassle.

A company named SquareX has just raised $6 million to develop an extension that would create virtual sandboxes within your web browser. Any time you’re tempted to open a file or click a link that comes from an unknown sender or could potentially pose a threat, SquareX’s extension would step in and let you open it in a kind of disposable browser.

Read more