Congresswoman Mary Bono Mack (R-CA), Chairman of the House Subcommittee on Commerce, Manufacturing and Trade, has requested a security briefing from representatives at McAfee.
Bono sent a letter to Dimitri Alperovich, McAfee's vice president of threat research seeking more information about the company’s recent report entitled Revealed: Operation Shady RAT.
The report reveals McAfee’s findings regarding a widespread global hacking operation thought to have been taking place over the past five years.
Bono's letter requested the following information:
The full letter can be viewed HERE.“The Subcommittee on Commerce, Manufacturing, and Trade has jurisdiction over cyber security and data security and has engaged in a multi-year oversight effort into the effects on consumers, our international competitiveness, and the economy as a whole. As the Subcommittee continues its oversight in this matter, I request a briefing from your security threat research team to inform our efforts,” wrote Bono Mack. Specifically, I would like more information on the following questions:
1. While the report suggests the high-profile intrusions of recent months that garnered significant media attention are neither sophisticated no novel, are they representative of intrusions we should expect to continue? How do these unsophisticated intrusions differ from the intrusions that were the focus of your report? Are such intrusions something the government and private sector can effectively prevent or mitigate on a continuing basis?
2. If these intrusions can be classified as more "unsophisticated" and "opportunistic," what is the threat of the more "insidious" intrusions on which McAfee has focused in recent years? How can we effectively prevent or mitigate these more insidious intrusions?
3. The report suggests that the more insidious intrusions are more likely to occur without public disclosure. Would more public disclosure help or harm industry efforts to fight this type of cybercrime?
4. The report states that McAfee's security threat research team was "taken aback by the audacity of the perpetrators." Did the logs analyzed by McAfee reveal novel techniques or patterns that would be helpful in our efforts to combat cybrercrime?
5. While the report concludes that most of the hacker's targets were government agencies, quasi-government agencies, or government contractors, did the logs analyzed by McAfee reveal any whether any consumer's sensitive or personal information was exposed or obtained by the perpetrator? If so, what types of data were potentially acquired by the cyber criminals?
6. The report suggests intellectual property and national secrets were the primary targets of the attacks. n terms of trends, what is the great er target: intellectual property and national security information, or consumer information that can be used to perpetrate identity theft?
7. The report describes "a historically unprecedented transfer of wealth" over the last 5 to 6 years. Is McAfee aware of any estimates that quantify the financial impact on the U.S. businesses, consumers, and our economy at large?