Report: Chinese hackers launched summer offensive on US chemical industry

But Covert Grove, who appears to manage multiple computer networks at a vocational school, also responded to requests to connect with a "hacker for hire." So was Covert Grove behind the attacks – or just a small fish?

"We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role," wrote Eric Chien and Gavin O'Gorman, the authors of the Symantec report. "Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties."

Symantec also detected "several other hacker groups that had begun targeting some of the same chemical companies in this time period." That group's attacks were "very tailored, targeted e-mails," but far smaller in scope than the Nitro PoisonIvy attacks.

Dow Chemical Company told the online magazine PC World that it had detected "unusual e-mails being delivered to the company" last summer and worked with law enforcement to deal with it. "We have no reason to believe our operations were compromised, including safety, security, intellectual property, or our ability to service our customers," a Dow spokesman said.

To cybersecurity watchers, the Symantec study is suggestive, worrisome, but not necessarily surprising.

Security research firm McAfee in February reported that Chinese hackers had broken into the computer networks of five international oil and gas companies with the goal of stealing bid data and other key information. That report substantially corroborated a January 2010 Monitor report that found Chinese links to cyberespionage attacks against at least three global oil giants – Marathon Oil, ExxonMobil and ConocoPhillips.

Patrick Coyle, a former chemist for a major chemical company who now writes a blog about chemical industry cybersecurity, called the Symantec's findings "old news." But he noted that the implications could be dire if hackers got any industrial-control-system information that could help them sabotage chemical plants.

"What is important is that someone took the time and effort to execute a series of attacks on a wide array of chemical facilities across the globe," he wrote. "The attacks used old tools ... [but] the fact that they were successful points out how poorly the chemical industry is protecting their computer systems and intellectual property."

In general, Chinese attacks are carried out "by proxies who combine self-interest and national goals," writers Mr. Lewis of CSIS. That means there is "a good chance that the people who steal technology are not the same people who plan attacks. If company networks are vulnerable, that means a spy can get in now and a soldier can get in later, but it may not mean that the control systems are equally vulnerable."

This is why better cybersecurity is so needed, he notes. If you start to fix one problem, like espionage, you also help reduce risk in other areas, like a cybermilitary attack.

Previous

1 | 2