The Nerve Center of the World's Biggest Cyber Attack
See that screenshot above? That's the nerve center for Operation Shady Rat, the newly notorious cyber attack possibly set up by some government-sponsored Chinese hackers. I just spent the last 30 minutes exploring it and managed not to get cyber-annihilated. No big deal. (Seriously, it wasn't.)
Last week, computer security company McAfee scared everyone by announcing the discovery of Operation Shady RAT. Billed as the "world's largest cyber attack," Shady RAT infiltrated the networks of dozens of high profile international targets over five years, including the Associated Press, the United Nations and the Anti Doping Agency.
Experts believe the attack was orchestrated by the Chinese government. But it was all carried out through a "command and control" server still located at an unassuming URL, which was uncovered by security researchers soon after the McAfee report hit. The site is remarkably non-covert for allegedly being behind the most extensive cyber espionage operation yet uncovered. It's a directory of a bunch of booby-trapped files used in Operation Shady RAT. You can easily find it via Google, but we're not going to link to it as the thing is still active and every click could put your computer into the hands of mysterious international hackers.
Many files are text-only web pages that appear to be programming how-tos, but are actually designed to install Trojans on any hapless visitors' computer who stumble on them via Google, or are tricked into visiting them by a phishing email, as explained by computer security firm Symantec. Some others are images, like the pretty lady and landscape to the right; hidden inside the image files are commands instructing the Trojan to attempt to break into a victim's system. Then there are cryptic text files referring to the Chinese Olympic Committee and various advanced computer systems. The site also features a handy traffic dashboard, showing that visits have skyrocketed since McAfee blew up Operation Shady RAT—probably mostly due to curious computer security professionals.
That's right: After years of costly attacks, the Shady RAT command and control server still remains active and accessible to anyone, possibly adding to its already-impressive list of victims and sending the illicit data to some shadowy Chinese overlord as you read this. According to the Tech Herald, there have been more than 90 victims since 2005, including the Associated Press, Thomson Reuters, the United Nations and a number of defense contractors.
Steve Ragan, a writer for The Tech Herald, thinks it's strange that Operation Shady RAT has hit such high profile targets but still hasn't been shut down. Back in 2008, for example, logs show federal defense contractor ManTech was netted by Shady RAT.
"Here's a company that is skilled in technology. I know... they detected the attack," Ragan said. "McAfee wrote a whole report on this. Why is it still there?"
Like its origin, Shady RAT's continued existence is a mystery. The command-and-control server's web hosting company, IX Webhosting, didn't respond to a request for comment. Maybe they're keeping it around in impeccable shape until it can be put into the Smithsonian. [Hacked images via Symantec]
Previously: World's Biggest Cyber Attack Revealed to Have World's Dumbest Name