Note: The Skinny blog is written by Rick Smith, editor and co-founder of WRAL Tech Wire and business editor of

RESEARCH TRIANGLE PARK, N.C. – Cyber espionage is a constantly growing, increasingly effective tool to steal and sabotage private enterprises – especially defense contractors – and governments, so why do so many executives and officials turn deaf ears to threat warnings?

Perhaps an absolutely chilling report from security firm McAfee that was issued Tuesday along with two in-depth articles in Vanity Fair will awaken everyone.

That means you – if you work for a company or agency that has anything of value.

Dmitri Alperovitch, vice president for Threat Research at McAfee, concludes his report with a warning:

“This [cyber threat] is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing.”

Alperovitch spells out in great detail McAfee’s findings of its lengthy review that McAfee calls “Operation Shady RAT.” Rat refers to the acronym for “Remote Access Tool,” one of a hacker’s best weapons.

Disclosures about “hacks” on major corporations, such as Google in its fight with China and that of EMC software firm RSA, which is most likely the most embarrassing given RSA’s vaunted security reputation, aren’t new. But the scale, persistence and results of the hacker offensive are breathtaking.

“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth—closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA [supervisory control and data acquisition] configurations, design schematics and much more has ‘fallen off the truck’ of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries,” Alperovitch wrote.

Just how wide spread is the problem?

“Having investigated intrusions such as Operation Aurora [Google attacks] and Night Dragon (systemic long-term compromise of Western oil and gas industry), as well as numerous others that have not been disclosed publicly, I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact,” he said.

“In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.”

For fascinating details and insight into the problems, read these two stories from Michael Joseph Gross in Vanity Fair:

“Operation Shady Rat”

“Enter the Cyber-dragon”

For the McAfee report, read here.

Your homework assignment after reading these reports: Check your security plans – and double-check them.

If you don’t have one, it may be too late. Your company’s precious IP may be residing on a server on the other side of the planet helping a competitor beat you to market – or in the market.

Former NSA, CIA chief to speak in Raleigh

Want some first-hand experience in talking with someone involved directly in cyber warfare?

Michael Hayden, former chief at the CIA and NSA and the only person to hold both jobs, will be in Raleigh to keynote the seventh Raleigh Spy Conference put on by Bernie Reeves, publisher of Metro Magazine.

Hayden is quoted in the Vanity Fair “cyber-dragon” report about Google’s fight with Chinas.

“Google is not a state,” Hayden said. “But what constitutes Google’s inherent right of self-defense in this new environment against this kind of attack?”

Read more about the conference here.

Get the latest news alerts: Follow WRAL Tech Wire at Twitter.

(Note: I am also a contributing writer to Metro Magazine.)