Why the 'China virus' hack at US energy companies is worrisome
When three big US oil companies learned they were penetrated by hackers, cyber-security experts found that valuable bid data on energy deposits was compromised. The trail pointed to China.
Since the 9/11 attacks, national security has largely been about protecting the US homeland against radical Islamists. But as dangerous as al-Qaeda and other groups have proven to be, the threat they represent is not as systemic as the ongoing threat of cyber-warfare.Skip to next paragraph
Subscribe Today to the Monitor
Right now, there is every reason to believe a covert cyber-war is underway and that crucial industrial information has made its way to computers in China.
When Google announced two weeks ago that Chinese hackers had broken into its Gmail system, the target appeared to be information about human-rights activists in China. But hackers operating from Chinese servers are also systematically targeting the IT networks of major US companies to extract valuable competitive intelligence in areas like technology and energy resources.
A Christian Science Monitor investigative report reveals that hackers penetrated the security walls of three US energy companies, targeting information that would give them an insight into valuable data on oil and gas exploration. (The report appears in full in the Jan. 31-dated issue of the Monitor weekly newsmagazine.)
The attack, which occurred in 2008 and was brought to the companies' attention by the FBI later that year, unfolded via fake e-mail messages containing what cyber-security specialists have dubbed a "China virus." A "Trojan horse" was installed on the companies IT networks when an e-mail recipient clicked on an embedded link.
The target: competitive data on potential energy deposits.
Energy companies spend hundreds of millions of dollars each year dispatching geologists, work crews, and sophisticated exploration equipment to remote parts of the globe to search for oil and gas. After dozens of dry holes, an oil company might come up with a handful of good prospects.
That information constitutes the "crown jewels" of an energy company. With it, a company bids on a concession to drill for oil and then to develop the resources. A rival who steals information about the most promising tracts can easily outbid US companies and still save millions by skipping the exploration.
In recent days, China and the US have been trading strongly worded charges about cyber-spying and Internet censorship. US government agencies and private-security firms, meanwhile, are scrambling to protect American companies from penetration of their IT networks by foreign governments, including China.
"It's like they're just going down the street picking out what they want to have," one FBI source said of the Chinese hackers.
The ongoing cost of cyber-spying is lost jobs and higher energy prices. McAfee, the anti-virus software firm, estimated that $1 trillion was stolen from companies and individuals via the Internet in 2008. And the cost could be much worse if relations between the US and China deteriorate: Commerce could be disrupted, power-grids compromised, and sensitive data lost.
While the FBI and US companies know they are vulnerable, correcting the problem is neither easy nor cheap, especially if it means shutting off outside e-mail or taking an IT system down to install new security measures. As the New York Times reports today, intelligence agencies are wrestling with how to protect the IT networks of government and industry from attack. They are frustrated in their inability to trace the attackers back to their source. But, as seen in Secretary of State Hillary Clinton's decrying of China's censoring of the Internet last week, there is definitely a diplomatic escalation underway that parallels the covert cyberwar.
For all the shock and spectacle of an al-Qaeda terrorist attack, the Monitor investigation makes clear that a largely silent war is going on via the Internet and deep within the databases of international companies. The stakes in the global cyber-war are at least as high as those in the global war on terror.
John Yemma is editor of The Christian Science Monitor