Rep. Mary Bono Mack, chair of the influential House committee that oversees information security, is asking for more information about the Shady RAT attacks that McAfee publicized last week, saying that the “details of the report are alarming at the least,” and asking that researchers brief members of the committee.
In a letter to Dmitri Alperovitch, the head of McAfee’s threat research team, Bono Mack said that the nature and scope of the Shady RAT operation as described by the company in a blog post last week means it is something that the committee needs to be aware and apprised of. She sent a list of questions to Alperovitch, many of which are fairly broad.
The request for a briefing is not unusual in and of itself, as members of Congress often get such briefings from companies on highly technical topics. But those are typically arranged and done in private and the requests are not made via letters released to the general public. Bono Mack has been involved in legislative efforts regarding cybersecurity and has held a number of hearings as chair of the House Subcommittee on Commerce, Manufacturing and Trade on the topic.
“The Subcommittee on
Commerce, Manufacturing, and Trade has jurisdiction over cyber security
and data security and has engaged in a multi-year oversight effort into
the effects on consumers, our international competitiveness, and the
economy as a whole. As the Subcommittee continues its oversight in this
matter, I request a briefing from your security threat research team to
inform our efforts,” Bono Mack wrote in the letter.
The focus of her interest in the Shady RAT attacks, which reportedly targeted myriad government agencies, defense contractors and other private companies over a period of several years, lies in the techniques that the attackers used, whether such attacks are the coming thing and what the government and enterprises can do to prevent or mitigate them. Specifically, she asked Alperovitch whether the company had an idea what kind of data was taken in the attacks, whether the operators used novel techniques and whether national security information and intellectual property were bigger targets than consumer data.
The Shady RAT attack has drawn a ton of attention, both from the media and from other security teams that have begun looking into the operation. In a follow-up to McAfee’s research, Symantec dug into the details and found some interesting details, one of which is the fact that the attackers were using steganography to hide commands in image files. The command bits were woven into the data making up the images themselves, which typically are allowed to pass through untouched by most firewalls and other security systems.