Security companies criticize McAfee over Operation Shady RAT


Security vendor McAfee has fired back at criticism that its report on Operation Shady RAT (.pdf) was alarmist.

McAfee outlined its findings earlier this month of advanced persistent threats and cyber espionage conducted on "corporations, government agencies, defense contractors and nonprofits" over several years. The result was the possible plundering of intellectual property from more than 72 organizations, says McAfee.

The report has drawn the ire of some security vendors, who do not consider the attacks particularly sophisticated. Eugene Kaspersky posted in his blog last week that "we consider those conclusions to be largely unfounded and not a good measure of the real threat level." Kaspersky also accused McAfee of "deliberately spreading misrepresented information."

Phyllis Schneck, chief technology officer and vice president of the public sector at McAfee, countered in a blog post Friday that the sophistication of an online attack does not play a part in the company's report.

She offered an analogy: "If a bank robber gets $100 million by walking in the front door with a gun, it's news--not because the attack is novel, but because of its effectiveness."

But this seems a step back from initial assessments made by McAfee's threat research VP and author of the report, Dmitri Alperovitch, who was quoted as saying, "If you think this is an unsophisticated botnet then you've got no clue, or you're not willing to talk about it."

To me, the truth lies somewhere in between. For sure, learning of years-long efforts at penetrating organizations for the purpose of industrial espionage and theft is scary stuff and should be sounded out.

With the tools used for the break-in hardly novel though, it appears McAfee is not beyond trying to milk publicity out of the report.

For more:
- check out this article at InformationWeek
- check out this article at SC Magazine
- check out this blog post from McAfee
