- Why a Saudi blogger faces a possible death sentence for three tweets
- America's big wealth gap: Is it good, bad, or irrelevant?
- Xi Jinping, future Chinese president, faces test on first White House visit (+video)
- Iran accuses Israel of setting up attacks on its own diplomats
- Valentine's Day: cost of romance rising for flower delivery, 4 other things
- No budget? No problem! The strange politics behind a budgetless America.
US oil industry hit by cyberattacks: Was China involved?
MONITOR EXCLUSIVE: Breaches show how sophisticated industrial espionage is becoming. The big question: Who’s behind them?
(Page 5 of 5)
China would certainly be interested in this kind of data, experts say. With the country’s economy consuming huge amounts of energy, China’s state-owned oil companies have been among the most aggressive in going after available leases around the world, particularly in Nigeria and Angola, where many US companies are also competing for tracts.
Skip to next paragraph
“Knowing which one of those blocks is oil-bearing – and which to go for and which not – is clearly worth something,” says Paul Dorey, former chief information security officer at BP, the world’s third-largest oil company, and now a computer-security consultant in London. “If I was a foreign government, that’s the data I would want to get – and any analysis that reveals [a company’s] intention. Yes, that would be pretty valuable.”
Still, a simple thirst for oil is no proof that a country is conducting corporate espionage. Even the suggestion, contained in one of the documents, that some data had flowed from a ConocoPhillips computer to a computer in China could have been the result of some other nation’s cyberspy unit co-opting Chinese servers to cover their tracks, experts say. Lee and other specialists admit that it will be difficult, and perhaps impossible, to ever determine definitively who was behind the attacks.
Even so, the oil industry breaches coincide with a growing number of coordinated cyberassaults in the US that many experts do blame on the Chinese. The Google allegations are just the most recent.
“What I’m saying to you is that it’s not just the oil and gas industry that’s vulnerable to this kind of attack: It’s any industry that the Chinese decide they want to take a look at,” says an FBI source. “It’s like they’re just going down the street picking out what they want to have.”
Last March, Canadian researchers identified 1,295 computers in 103 countries infected by spyware and operated by someone as a “GhostNet” or cyberspy network. In each case, a Trojan program was downloaded that allowed the attackers control of the computers traceable, the report said, to “commercial Internet accounts on the island of Hainan,” which is the home of the Chinese Army’s intelligence facility.
In October, a report by the US-China Economic and Security Review Commission summarized the threat bluntly. “China is likely using its maturing computer network exploitation capability to support intelligence collection against the US Government and industry by conducting a long term, sophisticated, computer network exploitation campaign.”
Chinese officials refuted the report when it came out, and, more recently, a spokesman for the Chinese Embassy in Washington, Wang Baodong, denied any Chinese involvement in the oil and gas industry attacks, saying the country forbids “all forms of cybercrimes, including hacking activities.”
Others remain skeptical. “The China threat is constant,” says Shawn Carpenter, principal forensics analyst for NetWitness, a cybersecurity company. “If there’s valuable intellectual property out there, there are people in China and elsewhere who want to take it. It’s the new battlefield – low risk and low investment with high gain.”
Previous
Become part of the Monitor community
36K on Facebook | 12K on Twitter | 2,250 on YouTube