US oil companies hacked; report links attack to sources within China

26 January 2010

Reports in the Christian Science Monitor suggest that at least three large US oil companies have been the victims of targeted attacks. The custom-made spyware used in the attacks appears to have sent information to China in at least one case.

Marathon Oil, ExxonMobil, and ConocoPhillips were all targeted in the attacks, according to a report in the Christian Science Monitor, which conducted a five-month investigation into the event. It alleged that the attacks targeted 'bid data' – information on where the most promising oil deposits are, and how much oil is likely to be under the ground.

The report alleged that custom-made spyware was used to fly under the radar of most anti-virus detection systems, and siphoned information to computers in China on at least one occasion. The spyware appears to have been delivered via an email crafted to appeal to oil industry executives, asking for a response to an economic stabilization document. The mail contained a link to a server that installed the malware on the target machine. Multiple machines at Marathon Oil were compromised, said the report.

This is the latest report in a series of cyber-attacks, many of which point, at least cursorily, to China. The Operation Aurora attack on Google, Yahoo and other companies came from computers in China, according to reports, and led to a threat from Google to shut down its Chinese operations. Even more recently, military contractors were targeted with documents designed to appeal directly to people working in their industry. That attack was mounted via a malicious PDF that exploited what was at the time an unpatched vulnerability in Adobe Reader.

GhostNet, an attack discovered by security group SecDev last year, was a tiny botnet of machines in positions that were strategic to China, which had been compromised with custom malware.

The problem, as SecDev observed at the time, is that it is difficult to pin responsibility for these attacks on the Chinese state, or indeed on any groups operating within China. One could posit that the Chinese government was employing teams of people to hack selected targets, or simply sanctioning such attacks from independent hacker groups in the country, of which there are many. The motive certainly exists. However, it is just as possible that other state or non-state actors could be conducting the attacks via compromised Chinese machines. Thus, the attacks are opaque enough to give any suspects plausible deniability.

China's need for oil is transparent enough, however. For the first time in its history, the country's crude oil imports exceeded 50% of its total consumption last year, and its economy, while dampened by the wider economic crisis, continues to grow.

Shares in ConocoPhillips, Marathon Oil and ExxonMobil were all down the day after the Christian Science Monitor report hit, falling at least ten times more than the S&P 500 index, which was down 0.8% on Tuesday morning. Marathon, which featured heavily in the report, fell the most at 1.20% of its value at the market's close on Monday.
