US oil companies hacked; report links attack to sources within China

The alleged attacks targeted 'bid data' – information on where the most promising oil deposits are located.

Marathon Oil, ExxonMobil, and ConocoPhillips were all targeted in the attacks, according to a report in the Christian Science Monitor, which conducted a five-month investigation into the event. It alleged that the attacks targeted 'bid data' – information on where the most promising oil deposits are, and how much oil is likely to be under the ground.

The report alleged that custom-made spyware was used to fly under the radar of most anti-virus detection systems, and that it siphoned information to computers in China on at least one occasion. The spyware appears to have been delivered via an email crafted to appeal to oil industry executives, asking for a response to an economic stabilization document. The mail contained a link to a server that installed the malware on the target machine. Multiple machines at Marathon Oil were compromised, said the report.

This is the latest report in a series of cyber-attacks, many of which point, at least cursorily, to China. The Operation Aurora attack on Google, Yahoo and other companies came from computers in China, according to reports, and led to a threat from Google to shut down its Chinese operations. Even more recently, military contractors were targeted with documents designed to appeal directly to people working in their industry. That attack was mounted via a malicious PDF that exploited what was at the time an unpatched vulnerability in Adobe Reader.

Ghost.Net, an attack discovered by security group SecDev last year, was a tiny botnet of machines in positions that were strategic to China, which had been compromised with custom malware.

The problem, as SecDev observed at the time, is that it is difficult to pin responsibility for these attacks on the Chinese state, or indeed on any groups operating within China. One could posit that the Chinese government was employing teams of people to hack selected targets, or simply sanctioning such attacks from independent hacker groups in the country, of which there are many. The motive certainly exists. However, it is just as possible that other state or non-state actors could be conducting the attacks via compromised Chinese machines. Thus, the attacks are opaque enough to give any suspects plausible deniability.

China's need for oil is transparent enough, however. For the first time in its history, the country's crude oil imports exceeded 50% of its total consumption last year, and its economy, while dampened by the wider economic crisis, continues to grow.

Shares in ConocoPhillips, Marathon Oil and ExxonMobil were all down the day after the Christian Science Monitor report hit, falling at least ten times more than the S&P 500 index, which was down 0.8% on Tuesday morning. Marathon, which featured heavily in the report, fell the most at 1.20% of its value at the market's close on Monday.
