Shady Rat: The Biggest Cyber-Attack of Its Time - Research Paper

Date:  2023-04-05

Introduction

Shady Rat (Remote Administration Tool) refers to a series of attacks, the first of which was reported in 2006. Shady Rat was potentially the largest cyber-attack of its time and was intended to phish data using custom code. Approximately 71 organizations were attacked between 2006 and 2011. The first organizations to be attacked included a US county government, the Taiwan government, a US state government, the United Nations, and the Canadian government (Alperovitch, 2011). Shady Rat was used in the cyber-attack conducted by the Chinese in American cyberspace.


How Did The Cyber Incident Come About?

The attack occurred in three stages, the first being the selection of the target organizations. The attackers then created emails and sent them to different people in the selected organizations. This stage involved phishing and the installation of a Trojan (Alperovitch, 2011). The attackers were tactical in that they chose subject lines they were sure would interest the recipients, thereby motivating them to open the email. They used subjects such as budgets, contact lists, and rosters. The attackers employed social engineering skills, and upon opening the email, the recipients found that the information was as indicated in the subject. The attackers attached files in the form of Microsoft Word, Excel, PowerPoint, and PDF documents. The files contained exploit code, and once a file was opened, the computer was immediately compromised.

The second stage involved the execution of the Trojan, which connected to a hardcoded website. The URLs created were unsuspicious, and the attackers hid the commands. Firewalls are configured in a way that allows HTML and images to pass through HTTP (Alperovitch, 2011). The files looked legitimate, so the recipients opened them; their computers, and subsequently their data, became accessible to the attackers. The attackers used steganography to hide the commands, which were mathematically generated and invisible.

The third stage of the attack was data collection, which took place when the Trojan received a command (Alperovitch, 2011). The Shady RAT attacks were undertaken remotely, and the attackers issued commands to the compromised computers. The Trojan facilitated checking the activity on the computers, and after collecting the data, it was easy to upload it to the attacker using a specific command.

The United States national security systems are prone to Chinese espionage. The Department of Defense, for example, reported that its networks are targeted approximately 50,000 times each year. Not all of these attempts come from China, but it is the dominant threat to the DOD networks. In 2013, the department accused China of cyber espionage. The report indicated that China was supporting the collection of intelligence related to U.S. economic, defense, and diplomatic matters (Alperovitch, 2011).

One of the attacks in the United States was on the National Aeronautics and Space Administration (NASA) (Martinez, Cappuccio, & Tomko, 2013). In 2012 it was reported that an intrusion had occurred into the Jet Propulsion Laboratory network. The intrusion originated from Chinese IP addresses. The attack was so severe that some of the Lab's network was disconnected. A rogue Raspberry Pi facilitated the hacking, and the hackers were able to obtain 50 megabytes of data during a single attack. Additionally, the rogue Raspberry Pi enabled the hackers to access the JPL's network in depth.

The cyber incident came about because of consumer technology that made it easy for hackers to access the network and steal the data (Alperovitch, 2011). Data was obtained through a rogue Raspberry Pi connected to the network. The computer was connected to the internet, so the hackers were able to access all the systems on the same network as the Raspberry Pi.

Access to the Deep Space Network posed a threat because it contains highly sensitive systems, including the radio antennas used for communication between NASA and distant spacecraft (Alperovitch, 2011). The theft of such information is a threat to the security of the country. This security breach prompted Johnson Space Center to disconnect vital projects, such as the Orion Multi-Purpose Crew Vehicle, from the network. The International Space Station was also disconnected, among other projects. Some of the connections remain restricted to date, while others were reconnected to the system.

The network was shared, hence the ease of accessing other systems connected to it (Martinez, Cappuccio, & Tomko, 2013). The attacks on the other systems could have been prevented by having a well-segmented network. The network hardware used in the JPL system is not complete or effectively maintained. Additionally, the network is not checked regularly to detect malicious activity, such as the devices that are connected to it. The multiple IT security controls used in NASA's network inhibit the prevention, detection, and mitigation of attacks on its systems.

The Foreign Policy and International Relations Context of the Action

The issue of cybersecurity has created friction in the relationship between the United States of America and China. Neither country trusts the cyber actions of the other, as each is unsure of the long-term intentions behind them. The attacks threaten the security as well as the political and economic advantage of the United States of America (Harold, Libicki, & Cevallos, 2016). China is accused of stealing intellectual property from United States companies and using it to enhance its economy.

There is a great need to find a solution for the international relations between nations that are deteriorating because of data breaches (Harold, Libicki, & Cevallos, 2016). A country that has been affected by an attack such as Shady RAT is likely to minimize its trade relations with the attacking country because it believes that the country may have the malicious intention of dragging it down in terms of security, politics, or economics.

Information is power, and breaching the data of another country is something that should be condemned, with strict action taken against the attackers. There should be a universal consensus on curbing cybersecurity threats (Harold, Libicki, & Cevallos, 2016). The nations should come together and reach agreements regarding intellectual property. In the case of the Shady RAT attacks, all the countries that were affected ought to come together and create an agreement that would hinder the occurrence of such attacks. After the attacks, China proposed the creation of an International Code of Conduct for Information Security.

The major complaint of the United States of America against China is the intrusion into American systems and the theft of intellectual property. The information is estimated to be worth $300 billion per year (Harold, Libicki, & Cevallos, 2016). China, however, indicates that it has also been a victim of cyber-attacks carried out by the United States of America. Each country is concerned about how the other uses the data it obtains in each cyber-attack. The suspicions are greatly affecting international relations as well as the bilateral relations of the two nations.

Impact of the Shady Rat Incident on the Target

The Shady Rat attack was experienced in different countries around the world, where many companies were affected. The attacks used different techniques; therefore, the companies were affected differently depending on the technique used (Gross, 2011). Among the impacts of the Shady Rat cyber-attack is that many governments around the world were affected when their data was stolen and destroyed during the attack. The key information that the governments use to serve the people was destroyed, leaving the governments with no data on their citizens or on the various services they offer to the people. The malware used in the attack was installed on computers belonging to the government, and the employees were not able to access the information contained in the computers.

The governments also incurred a financial loss because they lost key financial information. They could not ascertain the services and expenditure that they had transacted; therefore, they incurred some expenses several times (Gross, 2011). The governments affected by the attack spent resources to replace the technological infrastructure that was destroyed by the attack, such as buying new computers in place of those affected. The governments also had to hire employees to maintain the new infrastructure. Government agencies, such as security agencies, lost critical private information that can be used by enemies to attack the United States. The government agencies feared that the data might have been distorted and altered during the attack; hence, the agencies that were not attacked were left in a dilemma about whether to continue using their data.

Another impact of the Shady Rat cyber-attack is that it created the need for companies and state corporations to put in place measures that protect them from cyber-attacks. Before, many companies and agencies never saw the need to upgrade their technologies and ensure they were safe from cyber-attacks (Gross, 2011). More students began to be taught about cybercrime because it was discovered that there was a shortage of cyber-security professionals who could offer assistance and security to the companies. More students around the world joined universities to pursue an education in cyber-security and fill the gap in the market (Robinson, Gribbon, Horvath, & Robertson, 2013). The companies that were affected installed technologies that prevent similar attacks from affecting them in the future. The profession of white hat hackers emerged, in which hackers find the loopholes in the technology used by companies in order to identify potential threats and take the necessary measures to prevent them.

The denial of service caused by the attack affected many people because they could not access the services they used to get from the agencies that were affected by Shady Rat (Gross, 2011). When people could not get the services they used to get from the government agencies, they lost trust in the agencies, which was challenging to restore. A perception was created among the people that the attack could recur, hence the fear of data being lost.

Reaction to the Shady Rat Incident by the Target

New agencies were also formed to monitor online activity and identify potential threats that might arise over the internet. Cybercrime laws were also legislated to guide the stakeholders on the procedure to follow when cybercriminals are arrested and prosecuted for cyber-crimes (Maria, 2016). There were challenges in dealing with cyber-crime before the laws were set up. More discoveries were made to strengthen the security of the technologies used in companies and agencies to prevent possible attacks (Maria, 2016). The agencies formed to monitor online activity work in collaboration, sharing information to ensure that no event passes undetected on the internet. Technology is growing rapidly; therefore, there was a need for more technological experts to handle the new challenges that come up as more people embrace technology.

The scientists were tasked with the responsibility of developing technologies that would prevent cyber-attacks by detecting any attempts early enough. The technologies invented include the use of firewalls and other technologies that detect and prevent any c...

Cite this page

Shady Rat: The Biggest Cyber-Attack of Its Time - Research Paper. (2023, Apr 05). Retrieved from https://proessays.net/essays/shady-rat-the-biggest-cyber-attack-of-its-time-research-paper
