US oil industry hit by cyberattacks: Was China involved?
MONITOR EXCLUSIVE: Breaches show how sophisticated industrial espionage is becoming. The big question: Who’s behind them?
(Page 4 of 5)
Once a bogus link is clicked on, a single intruding piece of advanced spyware can change digital signatures to evade detection, spin off decoys, and lie low while waiting to pilfer targeted information. It gives clandestine control of a network over to the outside attackers. When the program finds data, it encrypts the information and sends it back to the cyberthieves.
“I can confirm for you that this type of advanced attack is happening to companies across the US today,” says Daniel Geer, chief information security officer for In-Q-Tel, a nonprofit venture capital firm funded by the Central Intelligence Agency.
The new cyberwarfare has become complex enough that specialized teams are used to carry out different operations. Often, an “intrusion team” of professional hackers will work to breach the system. An “exfiltration team” will retrieve the data. Another unit might be dedicated to maintaining an electronic foothold in the network for years. “There are clear lines of responsibility between different actors going on,” says Mr. Lee of Mandiant.
Fake “phishing” e-mails are a familiar problem in corporate America and usually easily dealt with. Oil companies employ some of the top computer security talent. But the Nov. 13, 2008, e-mail to the executive at Marathon was not an ordinary phishing e-mail, as company officials found out when the FBI contacted them.
Agents told the companies that their computer networks were being covertly manipulated by outsiders and proprietary information had been flowing out, according to the source and documents. (FBI officials in Washington and Houston refused to comment on the cases or to acknowledge that they were involved in them.)
Once alerted, the Marathon team began finding other e-mail accounts, passwords, and personal computers that were “compromised,” the source says and documents show.
On Feb. 5, 2009, a handful of senior oil company executives and key technology people listened as federal officials from the National Cyber Investigative Joint Task Force in Fairfax, Va., – whose partner agencies include the Federal Bureau of Investigation, Secret Service, and members of the US intelligence community – began sharing some of what they had detected, documents show. Federal officials told the companies, for instance, that conventional defenses like antivirus software were not likely to be effective against “state-sponsored attacks,” the documents show.
Further, based on the kind of information that was being stolen, federal officials said a key target appeared to be bid data potentially valuable to “state-owned energy companies,” according to a written summary of the meeting. Marathon and other oil companies spend billions worldwide to locate new deposits. Most oil “lease blocks” produce little of value. But a few yield vast returns, and the estimates of where oil might be found and how much it might yield could give an outside entity a big advantage in bidding wars for prime leases.