When the history of 2011 is written, it may well be remembered as the Year of the Hack.

Long before the saga of News of the World phone hacking began, stories of computer breaches were breaking almost every week. In recent months, Sony, Fox, the British National Health Service, and the Web sites of PBS, the U.S. Senate, and the C.I.A., among others, have all fallen victim to highly publicized cyber-attacks. Many of the breaches have been attributed to the groups Anonymous and LulzSec. Dmitri Alperovitch, vice president of threat research at the cyber-security firm McAfee, says that for him, “it’s been really hard to watch the news of this Anonymous and LulzSec stuff, because most of what they do, defacing Web sites and running denial-of-service attacks, is not serious. It’s really just nuisance.”

“Just nuisance,” that is, compared with a five-year campaign of hacks that Alperovitch discovered and named Operation Shady rat—a campaign that continues even now, and is being reported for the first time today, by vanityfair.com, and in a lengthier report on the larger problem of industrial cyber-espionage in the September issue of Vanity Fair. Operation Shady rat ranks with Operation Aurora (the attack on Google and many other companies in 2010) as among the most significant and potentially damaging acts of cyber-espionage yet made public. Operation Shady rat has been stealing valuable intellectual property (including government secrets, e-mail archives, legal contracts, negotiation plans for business activities, and design schematics) from more than 70 public- and private-sector organizations in 14 countries. The list of victims, which ranges from national governments to global corporations to tiny nonprofits, demonstrates with unprecedented clarity the universal scope of cyber-espionage and the vulnerability of organizations in almost every category imaginable. In Washington, where policymakers are struggling to chart a strategy for combating cyber-espionage, Operation Shady rat is already drawing attention at high levels. Last week, Alperovitch provided confidential briefings on Shady rat to senior White House officials, executive-branch agencies, and congressional-committee staff. Senator Dianne Feinstein (D-CA), chairman of the Senate Select Committee on Intelligence, reviewed the McAfee report on Shady rat and wrote in an e-mail to Vanity Fair: “This is further evidence that we need a strong cyber-defense system in this country, and that we need to start applying pressure to other countries to make sure they do more to stop cyber hacking emanating from their borders.” McAfee says that victims include government agencies in the United States, Taiwan, South Korea, Vietnam, and Canada, the Olympic committees in three countries, and the International Olympic Committee. Rounding out the list of countries where Shady rat hacked into computer networks: Japan, Switzerland, the United Kingdom, Indonesia, Denmark, Singapore, Hong Kong, Germany, and India. The vast majority of victims—49—were U.S.-based companies, government agencies, and nonprofits. The category most heavily targeted was defense contractors—13 in all.

In addition to the International Olympic Committee, the only other victims that McAfee has publicly named are the World Anti-doping Agency, the United Nations, and ASEAN, the Association of Southeast Asian Nations (whose members are Indonesia, Malaysia, the Philippines, Singapore, Thailand, Brunei, Burma [Myanmar], Cambodia, Laos, and Vietnam).

In an e-mail to vanityfair.com, I.O.C. communications director Mark Adams wrote, “If proved true, such allegations would be disturbing. However, the IOC is transparent in its operations and has no secrets that would compromise either our operations or our reputation.” WADA spokesman Terence O’Rourke wrote in an e-mail that “WADA is constantly alert to the dangers of cyber hacking and maintains a vigilant security system on all of its computer programs.” He added that “WADA’s Anti-Doping Administration & Management System (ADAMS), which is on a completely different server to WADA’s emails, has never been compromised and remains a highly-secure system for the retention of athlete data.”