Lawmaker asks for McAfee briefing as rivals question cybersecurity report

Rep. Mary Bono Mack, R-Calif., wants more details from McAfee on the company's recent assertion that it had detected a massive cyberattack on governments, organizations, and businesses.

In a letter to McAfee that she sent on Wednesday, Mack requested a briefing by the online-security company's staff. Last week, McAfee released a report that identified what it dubbed "Operation Shady RAT," a five-year effort by "one specific actor" to hack at least 72 networks around the world.

"The details of this report are alarming at the least," Mack wrote. She requested more specific information on the nature of the attacks and, with a nod to her data-breach proposals, asks whether more disclosure would help reduce the threat.

Mack, who chairs the Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade, has introduced a bill that would require companies to deploy adequate security measures to protect personal data, as well as notify consumers if their information is lost. Her panel approved Mack's bill on July 20, despite concerns from Democrats that the legislation could weaken consumer protections.

McAfee called the attacks "nothing short of a historically unprecedented transfer of wealth," but competing computer-security companies have begun to raise doubts about the report's claims.

"McAfee makes two interesting assumptions: first--that a series of attacks has taken place; second--that valuable data has been stolen," chief security expert Alex Gostev of Kaspersky Lab said in a blog post. "However, the report contains nothing on what particular data has been stolen or how many computers in each organization were hit by the attacks.... Until the information in the McAfee report is backed up by evidence, to talk about the biggest cyberattack in history is premature."

Symantec said it had confirmed some of the report's findings, but it played down the attack's effects. "While this attack is indeed significant, it is one of many similar attacks taking place daily," the company said in a statement.

And Graham Cluley of the security firm Sophos said that the report leaves many questions unanswered.

"What the report doesn't make clear is precisely what information was stolen from the targeted organisations, and how many computers at each business were affected," he wrote on his blog. "I can't help but feel that we can't call 'Operation Shady RAT' (McAfee's name, by the way) the biggest ever cyberattack without having questions like those answered."