
Global articles on espionage, spying, bugs, and other interesting topics.

FBI probes cyber-espionage attacks on oil groups



The US Federal Bureau of Investigation is probing a series of cyber-espionage attacks on at least five major oil, gas and petrochemical companies by hackers based in China.

The attacks, which began more than a year ago and are continuing, have succeeded in capturing sensitive financial information, including plans for bidding on drilling rights in specific fields, and production information, such as the configuration of equipment.

Such data would be worthless to most people but highly valuable to competitors in the industry, suggesting an economic motive for the intruders. The penetration followed a similar pattern at all of the targets identified so far and appeared to have been conducted by a group of a dozen or fewer people working from about 9am to 5pm Beijing time during the week.

“These were company worker bees, not freestyle hackers”, said Dmitri Alperovitch, a researcher at Intel (NASDAQ: INTC)-owned antivirus firm McAfee (NYSE: MFE) and a contributor to a white paper on the campaign being published on Thursday.

Mr Alperovitch said he and his colleagues had briefed the FBI and that the agency was investigating.

“We are aware of the threat to the oil and gas industry” from cyber-espionage, said FBI spokeswoman Jenny Shearer, adding that she could not confirm or deny specific inquiries.

The National Cyber-Forensics Training Alliance, a US non-profit that works with private companies as well as law enforcement and academia, has also been researching the case, and group chief executive Rob Plesco said it was the first that he knew of against the oil and gas industry.

Mr Plesco praised McAfee for going public with a description of the attacks on its clients, since targeted companies themselves rarely confess to such breaches and such disclosures can serve as an effective warning.

According to the white paper and Mr Alperovitch, the attacks began with an assault on the companies’ external websites using a common technique known as ‘SQL injection’, named after holes in the Structured Query Language used to communicate with databases. Hacking tools readily available on underground forums in China were then used to gain access inside the company’s servers, and automated cracking techniques gave the intruders user names and passwords.

The hackers then installed software to control the compromised machines and sent off e-mails and targeted documents to internet addresses in China.

They used previously known software flaws and did not go to great lengths to cover their tracks, the researchers found.

Such attacks are commonplace in many industries, investigators and law enforcement officials say, but are rarely divulged or explained.