The US Federal Bureau of Investigation is probing a series of cyber-espionage attacks on at least five major oil, gas and petrochemical companies by hackers based in China.
The attacks, which began more than a year ago and are continuing, have succeeded in capturing sensitive financial information, including plans for bidding on drilling rights in specific fields, and production information, such as the configuration of equipment.
Such data would be worthless to most people but highly valuable to competitors in the industry, suggesting an economic motive for the intruders. The penetration followed a similar pattern at all of the targets identified so far and appeared to have been conducted by a group of a dozen or fewer people working from about 9am to 5pm Beijing time during the week.
“These were company worker bees, not freestyle hackers,” said Dmitri Alperovitch, a researcher at Intel-owned antivirus firm McAfee and a contributor to a white paper on the campaign being published on Thursday.
Mr Alperovitch said he and his colleagues had briefed the FBI and that the agency was investigating.
“We are aware of the threat to the oil and gas industry” from cyber-espionage, said FBI spokeswoman Jenny Shearer, adding that she could not confirm or deny specific inquiries.
The National Cyber-Forensics Training Alliance, a US non-profit that works with private companies as well as law enforcement and academia, has also been researching the case, and group chief executive Rob Plesco said it was the first that he knew of against the oil and gas industry.
Mr Plesco praised McAfee for going public with a description of the attacks on its clients, since targeted companies themselves rarely confess to such breaches and they can serve as an effective warning.
According to the white paper and Mr Alperovitch, the attacks began with an assault on the companies’ external websites using a common technique known as ‘SQL injection’, named after holes in the Structured Query Language used to communicate with databases. Hacking tools readily available on underground forums in China were then used to gain access inside the company’s servers, and automated cracking techniques gave the intruders user names and passwords.
The hackers then installed software to control the compromised machines and sent off e-mails and targeted documents to internet addresses in China.
They used previously known software flaws and did not go to great lengths to cover their tracks, the researchers found.
Such attacks are commonplace in many industries, investigators and law enforcement officials say, but are rarely divulged or explained.
TAIPEI (AFP) – A Taiwanese general detained in what could be the island’s worst espionage case in 50 years was lured by sex and money offered by a female Chinese agent, media reported Thursday.
Army major general Lo Hsien-che was allegedly recruited while stationed in Thailand between 2002 and 2005, drawn in by a honeytrap set by the agent, then in her early 30s, said the China Times, citing unnamed sources.
“Lured by sex and money offered by the spy, Lo was recruited by China to supply top secret information he handled,” the paper said.
The woman, described by the paper as “tall, beautiful and chic,” held an Australian passport and initially pretended to be working in the export and import trade when she met Lo, who was already married, the paper said.
Lo, now 51, started to collect secrets for her in 2004 and received up to $200,000 at a time for his services, eventually pocketing as much as $1 million from China, it said.
Although he returned to Taiwan in 2005, Lo continued working for China and kept meeting the woman in the United States, where he handed over more confidential information to her, it added.
Lo had managed to keep his activities under wraps and pass repeated loyalty checks and was promoted to a major general in 2008, according to the paper.
He was head of the army’s telecommunications and electronic information department when he was arrested last month, according to the defence ministry, which declined to comment on the report.
Military officials have called the scandal the worst Chinese communist espionage case in the past half century, given the sensitive affairs that Lo had access to.
“We do not know the relevant circumstances,” said a spokesman for the Taiwan Affairs Office in Beijing when asked to comment on the case.
China’s state-controlled Global Times tabloid quoted Li Fei, a Taiwan expert at southeast China’s Xiamen University, as saying the two sides of the Taiwan Straits are still actively spying on each other.
“Espionage activities have never ceased, even though cross-Straits tensions have eased over the years,” he said, adding agents no longer targeted only military secrets, but also economic and technological intelligence.
Taiwan’s military, which has set up an ad hoc group for damage control, warns that China has not stopped infiltrating into Taiwan despite warmer relations in recent years.
Lo’s arrest came amid fast-warming ties between Taipei and Beijing following the 2008 election of Beijing-friendly Ma Ying-jeou as president.
Taiwan and China have spied on each other ever since they split in 1949 at the end of a civil war. Beijing still regards the island as part of its territory awaiting reunification, if necessary by forc
E-mail is still the top attack method for targeted and espionage attacks, says Mikko Hypponen, chief research officer at security firm F-Secure.
Chat, instant messaging and web-based attacks are still in the minority, he told delegates at the RSA Conference 2011 in San Francisco.
The reason espionage is increasingly moving online, he said, is simply that most information is now stored digitally, and it is possible to steal information without necessarily gaining access to the target organisations.
Typically these are targeted attacks, where an individual within an organisation will receive an e-mail that appears to come from someone they know.
The e-mails also typically have a document attached that makes sense and is relevant to the recipient, and that is often a copy of actual documents used by the supposed sender’s organisation.
The recipient views the document, but is totally unaware that malware is being installed in the background that creates a backdoor, said Hypponen.
“This backdoor not only gives the attacker access to the victim’s system, but also to everything on the network that they are authorised to access,” he said.
Even though Word and other document types are used, PDF is the most common document used for targeted attacks.
“Attackers exploit vulnerabilities in Adobe Reader to install the malicious code on the victim’s machine,” said Hypponen.
In the face of these types of targeted espionage attacks, businesses should make employees aware of the tell-tale signs.
If documents take longer than usual to appear, it could be that a backdoor is being installed before a fake document is displayed, said Hypponen.
A difference between the name of the attached file and the name of the file that is eventually displayed is also an indicator of a potential targeted attack.
Anyone who suspects that e-mail may be illegitimate should check with the supposed sender to see if they did indeed send the e-mail in question, preferably before they open the attachment, he said.
Businesses can also better detect targeted attacks by monitoring the sites to which employee computers are connecting, said Hypponen.
In addition to several well-known malicious sites, businesses can monitor for sites that use variations on the spelling of legitimate sites.
“If an employee’s computer is connecting to a site like www.kabspersky.com, it is likely to be a malicious site,” said Hypponen.
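The monitoring described above can be sketched as a check of outbound hostnames against a watch list of legitimate domains, flagging names that are a small edit distance away. This is an added example, not code from F-Secure or the original article; the watch list, the log format, the sample log lines and the distance threshold are all assumptions constructed for illustration.

```python
# Added example: flag outbound hosts whose name is a near-miss of a known site.
LEGITIMATE = {"kaspersky.com", "f-secure.com", "adobe.com"}  # assumed watch list

# Constructed proxy log lines in an assumed format: "<timestamp> <client> <host>"
SAMPLE_LOG = """\
2011-02-17T09:02:11 10.0.4.21 www.kaspersky.com
2011-02-17T09:02:40 10.0.4.37 www.kabspersky.com
2011-02-17T09:03:05 10.0.4.37 update.ad0be.com
2011-02-17T09:03:09 10.0.4.52 www.example.org
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_name(host):
    """Last two labels; assumption: no multi-part suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(host, max_distance=2):
    """Return the legitimate domain this host imitates, or None."""
    name = registered_name(host)
    if name in LEGITIMATE:
        return None  # exact match is the real site, not a variation
    for legit in sorted(LEGITIMATE):
        if edit_distance(name, legit) <= max_distance:
            return legit
    return None

def scan(log_text):
    """Return (client, host, imitated_domain) for every suspicious line."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _ts, client, host = parts
        legit = lookalike_of(host)
        if legit:
            hits.append((client, host, legit))
    return hits

if __name__ == "__main__":
    for client, host, legit in scan(SAMPLE_LOG):
        print(f"{client} -> {host} (resembles {legit})")
```

A small threshold keeps false positives down, but very short domain names will still collide with unrelated sites and need an exception list.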
It is important for businesses to ensure security patching is always up to date and they are monitoring all connections made from corporate computers, he said.
Hypponen also recommends businesses use a PDF reader other than the product from Adobe. His reasoning is that other readers do not have the same install base and are therefore less targeted.
NEW YORK (TheStreet) — As intellectual property becomes an ever-sharper point of contention in U.S.-Chinese relations, federal authorities are ramping up their efforts to combat economic espionage and trade-secret theft by Chinese nationals.
From General Motors (GM) to Ford (F), from Dow Chemical (DOW) to DuPont (DD), from Motorola (MOT) to Sun Microsystems, from Boeing (BA) to Northrop Grumman (NOC), dozens of U.S. companies have become embroiled in cases where top-secret business data has allegedly been purloined — either by insiders or cyber-attack — and provided to Chinese competitors.
Perhaps more than other Western nations, the U.S. has aggressively prosecuted cases of Chinese industrial espionage. In recent years, authorities here have been intensifying their efforts. “There’s been a lot of pressure from business and from the defense communities, both in the government and at contractors, that this is a problem,” says Sean Noonan, an analyst at Stratfor, a firm that provides research and analysis on geopolitical issues.
U.S. attorneys have filed at least eight trade-secret or industrial espionage cases related to China since 2008, more than the previous seven years combined. Those cases include both charges against individuals for intellectual property theft, as well as the more serious “economic espionage,” which the law describes as industrial spying for the “benefit of a foreign government.”
According to a report released by the Obama administration Monday, don’t expect the flurry of investigations to slow down.
In the 92-page text, which detailed the federal government’s intellectual property enforcement efforts in 2010, China loomed large.
“Over the last six months, we have heard repeated concerns about enforcement of patents and trade secrets, particularly in China,” the report read. “This year, DOJ and the Federal Bureau of Investigation (FBI) have increased their investigations and prosecutions of corporate and state-sponsored trade secret theft.”
Prepared by President Obama’s “intellectual-property czar,” a post he created just after he took office, the report said that the FBI will send a specialist agent to China later this year, charged with smoking out the illicit appropriation of intellectual property. Since September, the Department of Homeland Security’s investigative arm has had a designated agent stationed in Guangzhou working on trade-secret issues. And, in October, Attorney General Eric Holder made his visit to Beijing, specifically to hammer home U.S. worries about misappropriated intellectual property.
BHP Billiton chief executive Marius Kloppers was willing to trade secrets with the United States and feared espionage from the Chinese, Rio Tinto Ltd and the Australian government, according to an American secret diplomatic cable released by WikiLeaks and reported on by Fairfax Media.
Beginning in a June 4, 2009 meeting between Mr Kloppers and US consul-general Michael Thurston and in subsequent discussions, Mr Kloppers asked US diplomats for insights on China’s intentions and said he would be willing to trade secrets in order to obtain information on China, according to Fairfax reports on the secret US cable.
In addition, Mr Kloppers reportedly took credit for derailing the controversial plan by Chinese state-owned Chinalco to invest $23.9 billion in Rio Tinto. His claim of having personally quashed the investment came a day before the deal collapsed, the report said.
Mr Kloppers, who described himself as only nominally Australian, also reportedly complained about surveillance and even espionage by the Chinese, Rio Tinto and the Australian government, describing doing business in Melbourne as being similar to playing poker when everyone can see your cards, Fairfax reported.
The cables describe Mr Kloppers as saying the Australian government was wary of too much Chinese investment and would prevent Chinese state-owned firms from owning Australia’s largest mining companies such as BHP, Rio Tinto and Woodside Petroleum Ltd, according to Fairfax.
“Clearly frustrated, Mr Kloppers noted that doing business in Melbourne (BHP’s Australian headquarters) is like ‘playing poker when everyone can see your cards’,” it quoted a US envoy to Australia, Michael Thurston, as saying in a cable.
“(Mr Kloppers) complained that Chinese and industrial surveillance is abundant and went so far as to ask consul-general (Thurston) several times about his insights into Chinese intentions, offering to trade confidences,” the cable said.
BHP Billiton declined to comment.
BHP Billiton and Rio Tinto each count China as their biggest market, but relations with China have sometimes been tense, especially in the iron ore market, which Rio Tinto and BHP Billiton dominate along with Brazil’s Vale.
Tensions peaked in 2009 when Chinese steel producers failed to clinch an annual pricing deal and a Shanghai court jailed four Rio Tinto employees, including Australian citizen Stern Hu, for stealing commercial secrets and taking bribes.
Their arrest at the height of fraught 2009 iron ore price negotiations strained ties between Australia and China, and shocked the Chinese steel industry.
BHP Billiton had already riled Chinese steel mills with its 2008 bid to take over Rio Tinto, though BHP Billiton later dropped its offer in the face of stiff global opposition among competition regulators. BHP Billiton upset the mills again in 2009 with a proposed iron ore joint venture with Rio Tinto, a deal that also floundered over anti-competition concerns.
Between those two failed attempts to forge a BHP Billiton-Rio Tinto alliance, Chinese state-owned metals conglomerate Chinalco proposed a $US23.9 billion partnership with Rio Tinto, which Rio Tinto initially accepted, but later rejected.
Mr Kloppers took personal credit for quashing that deal, according to Wikileaks, Fairfax reported.
“Australia does not want to become an open pit in the southern-most province of China,” Mr Kloppers said at the time, according to the report.