The Adobe Flash Player is required to view this multimedia interactive. Get it here.

WPAFB could be targeted in cyber attack, expert warns

5-year-long attack should be a wake-up call for area, expert says.

New pool at 'The Heights' opens
5/27/12
Huber Heights suing consultant for more than $50,000
5/26/12
4 arrested for OVI at Kettering checkpoint
5/26/12
Man found dead at bar; police seek suspect
5/26/12
Turner adopts role for Romney campaign
5/26/12
> More headlines

By Thomas Gnau, Staff Writer Updated 1:28 PM Thursday, August 4, 2011

Local observers say a five-year-long cyber attack against American companies, state governments and the United Nations should be a wake-up call for Dayton and its mix of government and private employers.

Dubbed “Operation Shady RAT”, the attack was aimed at more than 70 targets, said computer security firm McAfee Inc. in a white paper (authoritative report) released Wednesday.

“I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly),” wrote the report’s author, Dmitri Alperovitch, McAfee vice president, threat research.

McAfee did not say who may be behind the attacks, but says the culprit is likely a nation state.

The report is short on specifics, as the security firm is not naming most of the victims, nor is it stating exactly what data were stolen.

Most of the victims are in the U.S. Other victims were in Canada, South Korea, Taiwan, Japan and nine other countries.

Possible attacks against utilities, traffic control systems and financial centers should force us to weigh the threats and start crafting developing technology to guard against them, said Susan Brenner, an NCR distinguished professor of law and technology for the University of Dayton School of Law.

“What I find unfortunate is it’s presented as an isolated incident,” Brenner said Wednesday. “This stuff goes on all the time.”

She thinks the Dayton area — home to Wright-Patterson Air Force Base, which oversees plenty of Air Force research, and a concentration of defense contractors — could be a target. She fears that it may take an unsettling widespread attack — against power grids in the middle of winter, for example — to get more people to care about the issue. “We haven’t seen the big scary ones (attacks), shutting down the power plants,” she said.

Scott Campbell, director of technology for the Miami University School of Engineering and Applied Science, hopes it won’t take a devastating attack to alert citizens to the dangers.

More computer users may have to use more secure networks or VPNs (virtual private networks), signing in first to a secure network before connecting to websites or other networks. “Computers have become so pervasive in our society that people need to be become more aware that we’re going to have to give up some ease of use,” Campbell said.

Vikram Sethi, director of the Institute for Defense Studies and Education at Wright State University, believes these attacks will get wider and worse. This summer, the institute introduced training programs to defend against cyber attacks.

“Most people do not realize how bad the situation is,” Sethi said. He doesn’t think business or government is prepared “technically and philosophically” to fight the attacks, especially when the resources of some hackers “far exceed” what is being used to defend against them. “We simply haven’t invested enough, not just in the IT infrastructure, but in people capabilities,” Sethi said.

That’s where reports such as McAfee’s can help, one observer said.

“It doesn’t hurt to have reminders of it from time to time,” said Allan Buxton, a forensic computer specialist at the Bureau of Criminal Identification and Investigation in the Ohio Attorney General’s Office.

The Associated Press contributed to this report.

Recent large data breaches

June 2011: San Diego-based Privacy Rights Clearinghouse found that more than 25,000 private records from Ohio school districts, hospitals, retirement benefits firms and others have been hacked, stolen or inadvertently leaked so far this year.

May 2011: Lockheed Martin said it was the recent target of a “significant and tenacious” cyber attack, although the company and Homeland Security say the hack was thwarted before critical data was stolen.

April 2011: U.S. lawmakers begin pressing Sony Corp. for information about the loss of personal data in a breach that affected 77 million accounts on the company’s PlayStation Network.

December 2010: Ohio State University says unauthorized users accessed a computer server containing personal information on about 760,000 current and former faculty, staff, students and others.

August 2010: In what was called the “most significant breach of U.S. military computers ever,” a foreign spy agency intruded into Pentagon computer networks ever by inserting a flash drive into a U.S. military laptop. The previously classified incident took place in 2008 in the Middle East.

Share this article