UK defence contractor and security firms suffer cyber attack

By Stuart Sumner

03 Aug 2011

Leading security firm McAfee has revealed that a UK defence contractor and cyber security firm have both been the victims of lengthy criminal intrusions.

Dmitri Alperovitch, vice-president, threat research at McAfee, announced the findings in his blog, along with data showing that 72 organisations were found to have been successfully penetrated.

Although McAfee did not reveal the names of the organisations in question, it did state that the cyber security firm had been infected for six months in 2008, while the defence contractor had been infected for 12 months in 2009.

It is not currently known what information the cyber criminals may have had access to, but given that one of the companies in question supplies the UK defence industry, it is possible this information included sensitive military and government documents.

McAfee found evidence of these intrusions after it gained access to a command and control server used by the hackers to penetrate networks and steal information.

Some of the organisations targeted included various Olympic committees and not-for-profit bodies, which Alperovitch said could indicate that a foreign state was behind the attacks.

"The interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics pointed the finger at a state actor behind the intrusions, because no real commercial benefit was likely to come from such hacks," said Alperovitch.

"Hacking the United Nations or the ASEAN (Association of Southeast Asian Nations) Secretariat is not likely to be the main motivation of a group interested only in economic gains."

McAfee said that entry into the organisations' networks was made via a spear-phishing attack.

This attack involves a trusted employee opening an email containing an exploit, which then triggers a malware download. This malware allows the command and control server to access the network, often without the organisation's IT department ever detecting it.
