

US oil industry hit by cyberattacks: Was China involved?

MONITOR EXCLUSIVE: Breaches show how sophisticated industrial espionage is becoming. The big question: Who’s behind them?




Not so long ago, computer hacking was mainly the handiwork of individuals with overactive imaginations and good programming skills, and they often broke into computers for sport. More recently, people with more sinister motives – including organized criminal gangs – have made an industry out of stealing credit-card information and personal identities for quick cash.


But lurking in the cybershadows is a far more insidious and sophisticated form of computer espionage that, until the recent exposure by search-engine titan Google, was little publicized and often went undetected. Such attackers represent the elite – a dark army of cyberspies targeting the heart of corporations around the world where trade secrets, proprietary data, and cutting-edge technologies lie locked away in digital fortresses.

Some of these attacks are believed to be carried out by foreign governments or their surrogates. “Any country that wants to support and develop an indigenous industry may very well use cyberespionage to help do that,” says Greg Garcia, assistant secretary for cybersecurity at the Department of Homeland Security under the Bush administration.

While most major nations, including the United States, are conducting Internet espionage, experts say two traditional US adversaries, China and Russia, are among the most aggressive and adept at carrying out such attacks. Both countries are known to have large communities of hackers and a deep base of computer security expertise.

“China, more so than Russia, has a large number of hacker clubs watched closely by the government,” says O. Sami Saydjari, a former Department of Defense employee who runs Cyber Defense Agency, a Wisconsin-based security firm. “These talent pools are all potential recruits for China’s professional cyberwarfare units. We strongly suspect they encourage their hacker groups to go out and attack foreign entities and get practice.”

Spying on other countries’ defense agencies and diplomatic corps undoubtedly remains a focus of Internet espionage. But cyberspies are increasingly targeting strategically important businesses, both because of the information to be gleaned and because their defenses are often easier to penetrate.

Google has said it found evidence of at least 20 companies in an array of US industries that had been infiltrated by attacks from China. Was the Chinese government involved? China adamantly says “no.” Whether it was or not, the Google breach reveals how pervasive the new espionage war is becoming and how sophisticated the tools are with which it is being waged.

But before Google there was Marathon.

On Nov. 13, 2008, a senior executive at Marathon Oil in Houston looked at a strange e-mail on her screen. It appeared to be a response to a message she had sent a corporate colleague overseas. The only problem was, according to a source familiar with the incident who asked for anonymity, she hadn’t sent the original e-mail.

Yet there, on her screen, was a “reply” to what looked like her request for a comment on the “Emergency Economic Stabilization Act” – the federal bailout of US banks. And the original e-mail contained something else: an embedded Internet link. Recognizing the danger, the executive alertly sent out an internal warning that the e-mail was fake and may contain a computer virus.

How to keep prying eyes out of your computer network

The computer security systems of many major corporations today are a Maginot line: Hackers are all too often overwhelming the defenders.

New forms of customized fake e-mails and other sophisticated programs can easily breach computer firewalls. Cyberthieves are devising new strains of spyware quicker than many companies can thwart them with antivirus software.

In the burgeoning world of Internet espionage, the advantage seems to be increasingly tipping toward the spies.

“Attackers’ capabilities are racing ahead while many companies don’t yet realize the full threat they face,” says Paul Williams, a cybersecurity expert who spoke at a recent oil industry conference in Houston.

To redress the balance, experts offer several suggestions. One is for companies to become more zealous about monitoring critical information as it moves across their own networks. Often, companies are vigilant about setting up secure walls around their systems that try to prevent offending viruses and other spyware from getting in.

But they are usually less rigorous in monitoring key information that is going out of the network, which can be a window into nefarious activity that might be going on and who’s behind it, according to Daniel Geer, chief information security officer for In-Q-Tel, a nonprofit venture capital firm funded by the Central Intelligence Agency. “Companies need full instrumentation to detect at what point and where access to critical data takes place,” he says. “What’s required is defending data and monitoring its use.”

That may sound a lot like “Big Brother” knocking at the door – and it does worry people. But Dr. Geer, author of the book “Economics and Strategies of Data Security,” argues that rather than zeroing in on people, firms should first:

• Identify critical data and then adopt systems so that you know how often the information is being accessed, by whom, and where it is going. Data that is valuable should be monitored at a level “in proportion to its value,” he writes.

• Make data security a principal focus of the company, not just an afterthought. That would include developing both surveillance and “interdiction” capability to be able to cut off access to key data – swiftly. This means built-in, rather than bolted on, security.
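Geer's two points come down to an access inventory for critical data (who touches it, how often) plus a check on where copies of it go. As an added example that is not part of the article or of Geer's book, the following Python script runs both checks over a constructed access log. The log format, user names, file paths, and addresses are all invented for the illustration; the egress rule treats anything outside the assumed 10.0.0.0/8 internal range as leaving the network.

```python
"""Access inventory and egress check for tagged critical data.

Added example, not code from the article. The log format below is an
assumption: one record per line with the fields
    timestamp user action path bytes destination_ip
"""
from collections import Counter
import ipaddress

# Constructed sample log: a normal working day, a nightly backup, and a
# late-night burst of copies to an external address.
SAMPLE_LOG = """\
2008-11-13T09:01:12 jdoe read /data/seismic/gulf_survey.dat 524288 10.1.4.22
2008-11-13T09:05:40 jdoe read /data/seismic/gulf_survey.dat 524288 10.1.4.22
2008-11-13T09:07:03 asmith read /home/asmith/notes.txt 2048 10.1.4.31
2008-11-13T11:20:55 jdoe read /data/bids/lease_round.xlsx 131072 10.1.4.22
2008-11-13T22:41:09 svc_backup read /data/seismic/gulf_survey.dat 524288 10.1.9.5
2008-11-13T23:02:17 asmith copy /data/seismic/gulf_survey.dat 524288 203.0.113.45
2008-11-13T23:02:58 asmith copy /data/bids/lease_round.xlsx 131072 203.0.113.45
2008-11-13T23:03:30 asmith copy /data/bids/lease_round.xlsx 131072 203.0.113.45
"""

# Step 1 of the advice: decide what counts as critical data. Hypothetical paths.
CRITICAL_PREFIXES = ("/data/seismic/", "/data/bids/")

# Assumed internal address space; anything else is "outside the network".
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_line(line):
    """Split one log record into a dict; raises ValueError on a malformed line."""
    ts, user, action, path, size, dest = line.split()
    return {"ts": ts, "user": user, "action": action, "path": path,
            "bytes": int(size), "dest": ipaddress.ip_address(dest)}


def records(log_text):
    """Yield parsed records, skipping blank lines."""
    for line in log_text.splitlines():
        if line.strip():
            yield parse_line(line)


def is_critical(path):
    return path.startswith(CRITICAL_PREFIXES)


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def access_summary(log_text):
    """How often each (user, critical path) pair was touched in the window.

    This is the 'by whom and how often' inventory; it is the baseline that a
    later anomaly rule would compare against.
    """
    counts = Counter()
    for rec in records(log_text):
        if is_critical(rec["path"]):
            counts[(rec["user"], rec["path"])] += 1
    return counts


def find_egress(log_text):
    """Critical data sent to a destination outside the internal ranges.

    This is the 'where it is going' check the sidebar says most firms skip.
    """
    findings = []
    for rec in records(log_text):
        if is_critical(rec["path"]) and not is_internal(rec["dest"]):
            findings.append({"ts": rec["ts"], "user": rec["user"],
                             "path": rec["path"], "dest": rec["dest"],
                             "bytes": rec["bytes"]})
    return findings


def external_bytes_by_user(log_text):
    """Total bytes of critical data each user moved off the network."""
    totals = Counter()
    for f in find_egress(log_text):
        totals[f["user"]] += f["bytes"]
    return totals


if __name__ == "__main__":
    for (user, path), n in sorted(access_summary(SAMPLE_LOG).items()):
        print(f"{user:12} {n:3}  {path}")
    for f in find_egress(SAMPLE_LOG):
        print(f"EGRESS {f['ts']} {f['user']} {f['path']} -> {f['dest']}")
    print(dict(external_bytes_by_user(SAMPLE_LOG)))
```

Run on the constructed log, the inventory shows the backup account and two staff users touching the tagged files, and the egress check isolates the three late-night copies to 203.0.113.45. A real deployment would feed the inventory into a per-user baseline so that the nightly backup is expected and the burst is not; the script keeps the two rules separate so that each can be tuned on its own.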

“We are kidding ourselves if we think that the attractive benefits of the digital lifestyle, whether for persons or companies, don’t come with a serious price in the form of data control,” he writes in his book.

“Infrastructure can be replaced,” he adds in an interview. “But data lost is a tragedy.”

– Mark Clayton

A glossary of cyberthievery

Phishing: Fraudulent bid to gain user names, passwords, and other sensitive information by appearing as a trusted source, usually in e-mails or instant messages.

Spear-phishing: Customized version of phishing directed at specific people, such as senior executives in companies. It might be a fake e-mail sent in the name of a boss to an associate.

Trojan horse: Computer program that seems to perform a useful function but instead aids unauthorized access to a network. It is often activated by a link in a fake e-mail.

Zero-day spyware: Program that breaks into a system by exploiting a flaw for which no fix yet exists; it is used on or before the first day engineers have developed software to thwart it.

“Level 3” threat: State-sponsored teams of experts that breach a system using a variety of artful tools. The goal is often long-term infiltration.

Sources: Wikipedia, Monitor research
