Details of "Operation Shady RAT"--a years-long campaign of hacking and cyber-espionage that's targeted the U.S. government, the U.N., the International Olympic Committee, and numerous other agencies and corporations worldwide--were released by security firm McAfee this week.
So far, most of the evidence gathered seems to point to China as the likely perpetrator behind Shady RAT, which is McAfee’s name for the operation. But the U.S. and the West also have other potential cyber-enemies to be wary of. Here's a breakdown of the five most likely parties with the resources and the will to carry out similar campaigns.
Easily the most significant cyber-threat. Not only are Chinese hackers suspected to be behind Operation Shady RAT, but they're also the likely perpetrators of earlier hack attacks against Google and other incidents in recent years. The political value of the targets, including some in Taiwan, would also seem to indicate at least some level of tacit knowledge of the hacking activities by the Chinese government, if not full-blown support. If that's the case, then Chinese government-sponsored hacking represents by far the greatest cyberwar threat, given the nearly limitless resources China's ruling Communist party has been known to throw into pet projects.
McAfee says that by comparison to what it uncovered in Operation Shady RAT, the Anonymous/Lulzsec brand of hacking is "just nuisance." So far, the hacker collectives have limited their activities largely to defacing websites and leaking embarrassing or private information. They also claim to have retrieved a number of files from a NATO server that they said they would not release because it would "be irresponsible" to do so. Ethical code or not, such a breach represents a dire threat to any military force or other agency that relies on secrets to operate.
A low-level cyberwar between Iran and the United States and/or Israel could already be under way, depending on who you ask. Reports of Iranian hackers going after U.S. targets began to circulate more widely about five years ago, with an attack on Twitter in 2009 drawing the most attention. Then came the Stuxnet worm. It's believed that a Western country, perhaps the U.S. or Israel, released it to infiltrate Iran's nuclear facilities. Ever since then, it's been game on. Iranian hackers continue to vow revenge and go after American targets fairly regularly. It's unclear how much involvement the Iranian government has in the attacks.
So far, the Internet has been used primarily as a recruiting tool for terrorism, but more groups of jihadist hackers have been making themselves known lately, including one that declared a "cyber jihad" following the death of Osama bin Laden. The threat of cyber-terrorism is not just limited to jihadis, either. Hackers have been known to fly the banner of any number of extremist causes.
Any number of groups, governments or even individuals pose a potential cyberthreat. Remember who pulled off the Sony PlayStation Network attack? Me neither, because although Anonymous was suspected, no one ever took responsibility, and it doesn't fit the Anonymous M.O. Anonymous itself seemingly appeared from the ether. There's no reason a more malicious group couldn't do the same.