Possible China links in oil company cyberattacks
ExxonMobil, Marathon, ConocoPhilips attacked, the Christian Science Monitor reports
CareerJournal - At least three U.S. oil companies were hit by a series of targeted cyberattacks that may have originated in China, according to a report today in the Christian Science Monitor.
The attacks occurred in 2008, and were directed at Marathon Oil, ExxonMobil, and ConocoPhillips, the report, which quoted unnamed sources, said. The companies did not learn about the attacks or the extent to which they were compromised until they were informed about it by the FBI sometime in 2009.
The attacks, which have been a closely guarded secret of oil companies and federal authorities, were aimed at extracting "bid data," or information detailing the quantity, value and location of oil resources, the Monitor said quoting sources and documents on the attacks that it had obtained.
The compromised data included e-mail passwords, messages, other information tied to several C-level executives with access to proprietary exploration and discovery information, the Monitor quoted its sources as saying.
There is no confirmed China link, but data from at least one of the compromised computers was found being transmitted to a computer apparently based in China and one document referred to the breaches as being caused by the "China virus", the report said.
The Monitor story, which is based on a five month-long investigation, said the intrusions left dozens of computers across the three companies vulnerable to data theft. The thefts involved the use of custom-made spyware that was designed to evade whatever controls the companies might have had in place.
The initial compromise appears to have occurred in November 2008, via poisoned e-mails directed at numerous senior level executives at the companies. The letters, which contained a request for the recipients to analyze the Economic Stabilization Act, were each designed to appear to come from a person known to the recipient. A link embedded in the e-mail caused the malware program to be downloaded to the user's system from where it spread to other systems.
None of the three companies mentioned in the story responded to the Monitor's request for details on the attack, it claimed.
News of the attacks come in the wake of the recent disclosure that Google and at least 30 other high-tech companies being targeted by cyberattacks apparently originating from China.
The attacks have caused widespread concern and evoked a formal protest from the U.S. Meanwhile China itself has denied any role in the compromises and has claimed that it too has been the victim of numerous such attacks.
The attacks against the oil companies, and more recently Google and the other high-tech firms are highlighting what some security analysts call the Advanced Persistent Threat (APT) confronting a growing number of U.S commercial entities.
The term has been used for some time in government and military domains to describe targeted cyberattacks carried out by highly organized state-sponsored groups with deep technical skills and computing resources.
Such attacks are typically highly targeted, stealthy, customized and persistent. They also often involve intensive surveillance and advanced social engineering.
In many cases, the attacks target highly placed individuals within organizations who are tricked into visiting malicious sites or downloading malicious software onto their systems. Their goal in most cases is to steal trade secrets rather than personal or financial data.
Government networks, especially those of the Department of Defense, have been the target of such advanced persistent threats for years. But more recently the attacks have begun to spill over into the commercial realm.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, send e-mail to email@example.com or subscribe to Jaikumar's RSS feed .
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts