I smell a RAT

Yesterday, Vanity Fair published an exclusive on operation Shady RAT (remote access tool), which was a high-level hacking campaign that lasted over 5 years, compromising over 70 name brand victims in over 13 countries. For the techies reading this, McAfee has published a 14-page report [pdf] on the hack. Canadian government agencies were targeted multiple times between 2009 and 2010, 4 in total, with the Canadian hosted World Anti-Doping agency having been compromised for 14 months. F-secure has published a few examples of what the targeted emails look like. Operation Shady RAT has been described as the “biggest transer of … intellectual property in history.”, one that could pose a serious economic threat on a global scale. It is suggested it was the work of one specific operation conducted by a single actor/group. “All the signs point to China,” says James A. Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, adding, “Who else spies on Taiwan?”. Alperovitch (McAfee) said he divides all Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.

This happening as British Columbia, and Canada, race to implement wireless smart meters, electronic health records, and electronic voting, each of which could be compromised by my small organization, should we be given the opportunity. Perhaps we should wait until the security tools are in place that I can’t suggest they could be compromised so easily.