Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

'Operation Shady Rat' Perpetrated Five Years Of Long-Term Attacks On Government, Enterprises

More than 70 government agencies, large commercial enterprises and other organizations have been victims of a series of long-term targeted attacks resulting in the loss of sensitive information and intellectual property during the last five years, according to an investigation by McAfee. In a probe dubbed Operation Shady RAT, for Remote Access Tool, researchers gained access to one of the command and control (C&C) servers and obtained detailed insight into the victims, the information stolen and the methods used.

The attacks are continuing, McAfee says, but the sobering news is that the C&C server is just one of many.

"This is only the tip of the iceberg," report author Dmitri Alperovitch, VP of threat research for McAfee Labs said in a press conference. "We know there are hundreds or maybe thousands of servers used by this actor."

The victims include a wide range of entities. Of the 72 compromised organizations, 49 are in the United States, with the rest divided among a number of Canadian, European and Asian organizations. Among the victims were 14 U.S. government (six federal, five state and three county) agencies, as well as Canadian and Asian government and the United Nations. Thirteen defense contractors were victimized, and the communications, IT and electronics industries were hard hit.

"All this intellectual property going out the door is not just a threat to national security in terms of our country’s secrets stolen by our adversaries," said Alperovitch. "It’s also about our economic security. All these industries will feel impact of all their R&D being stolen and potentially recreated in other countries, and being marketed as cheaper and better goods."

All but a few of the organizations remain anonymous at their request, along with the precise nature of the information stolen. McAfee says the organizations were all informed of the details of the breaches. Law enforcement and other appropriate agencies were notified, and White House and Congressional staff were briefed.

McAfee characterizes these intrusions as true examples of advanced persistent threats (APTs), demonstrating that these types of targeted, enduring attacks seeking intellectual property and government/organization secrets are not new, even if the acronym is. Although nine of these intrusions lasted less than a month, the rest persisted during a number of months before they were terminated. Many lasted for more than 10 months, and the longest, against an Asian nation Olympic Committee, lasted 28 months.

The attacks followed a standard pattern, starting with a spear-phishing email containing an exploit sent to a key individual in the organization. The exploit on an unpatched system triggers a malware download. The malware opens a backdoor communications channel to a C&C server. Live intruders then use the compromised machine to escalate privileges, move out through the organization, and locate and exfiltrate the information they are seeking.

See more on this topic by subscribing to Network Computing Pro Reports Beware the SQL Injection (subscription required).

Related Reading

More Insights

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

WAN Security Reports

Research and Reports

Network Computing: April 2013

TechWeb Careers