The White House said Wednesday that it is aware of the widespread "Operation Shady RAT" hacking effort, but declined to say which particular U.S. agencies were affected.
"We are aware of this report and its contents. While we do not comment on outside reports, detecting and blocking cyber intrusion is a key cyber security goal for this administration, working across government and with the private sector," White House press secretary Jay Carney said during a Wednesday briefing. "Cyber threats to information and communications infrastructure pose an economic and national security challenge for the United States and our partners, which is why the President has made cyber security one of his top priorities."
Earlier this week, security firm McAfee released a report that provided details on "Operation Shady Rat," a hacking campaign dating back to 2006 that targeted multiple U.S. government agencies, the United Nations, foreign governments, and many technology companies and defense contractors. McAfee said the effort took down 72 targets, making it perhaps the largest concerted hacking attempt in history. What's more, McAfee suggested that "thousands" more could've been affected.
The report, however, didn't specify which agencies were affected, except to say that "Shady RAT" involved four U.S. government agencies, four U.S. state governments, county governments in Northern and Southern California and Nevada, as well as 12 unidentified U.S. defense contractors.
"On the issue of which agencies were affected, we are working with all federal departments and agencies to deploy defensive tools, such as the Einstein Intrusion Detection and Prevention systems," Carney said yesterday.
The Einstein system is intended to provide the government with early warnings about cyber attacks against federal networks, near real-time identification of malicious attacks, and automated disruptions of those strikes. The first version of Einstein dates back to 2003 and the second phase rolled out in 2008. It is now deployed at 15 out 19 departments and agencies and in 2010, Einstein 2 sensors picked up 4.5 million "hits," or alerts based on pre-determined intrusion detection signatures. The Department of Homeland Security is currently working on Einstein 3, "which will provide DHS with the ability to automatically detect and disrupt malicious activity before harm is done to critical networks and systems," DHS said in June.
"As with all intrusions, we employ an 'all of government approach,' with the appropriate agency in the lead. We refer you to DHS and FBI for more information," Carney said.
Those agencies have not yet commented on "Shady RAT."
Carney declined to discuss when the White House was told about the attacks. "I can only tell you that we are aware of it," he concluded.
In a statement, the United Nations said it was investigating to see whether or not an intrusion took place.