Congress is digging deeper into McAfee’s recent report that uncovered one of the largest series of cyber espionage activities to date.
Rep. Mary Bono Mack, R-Calif., chairman of the House Commerce subcommittee, requested a detailed briefing of the extent, effects and capabilities of the cyber attack in a letter sent yesterday to the report’s author, Dmitri Alperovitch.
In the letter, Bono Mack expressed her concerns over the details of the massive operation and asked how the government and private sector could more effectively mitigate data breaches.
The report, dubbed “Operation Shady RAT,” was released last week by McAfee and revealed that some 72 organizations and governments around the world fell victim to a massive, five-year long cyber attack carried out by an unnamed, specific state actor. Of the 72 victim organizations, 49 are based in the United States, with 14 listed as U.S. government entities and another 13 as defense contractors. Other targeted countries include Taiwan, Vietnam, South Korea, Canada and India, among others.
“[The subcommittee] has jurisdiction over cyber security and data security and has engaged in a multiyear oversight effort into the effects on consumers, our international competitiveness, and the economy as a whole,” she wrote to Alperovitch. “As the subcommittee continues its oversight in this matter, I request a briefing from your security threat research team to inform our efforts.”
Alperovitch, McAfee’s vice president of threat research, explained last week that the full extent of the data breaches remains largely unknown. However, Bono Mack hopes he can outline for her the ways in the government and private sector can implement proper defenses to prevent similar attacks. She also asked in the letter whether hackers consider intellectual property and national security information a greater target than personal consumer information.
Her letter also requested information on the potential impact the data breaches might have on the American economy.
According to Alperovitch, Operation Shady RAT is a comprehensive analysis of an examination of logs that reveal the full extent of the victim population since mid-2006. It discovered the compromises were executed through standard spear-phishing emails that initiated communication channels and deployed a series of data exfiltration activities.