Wednesday, January 27, 2010

US oil industry hit by cyberattacks: Was China involved?

On January 25, The Christian Science Monitor published an article detailing cyber attacks against three Oil & Gas companies. According to the article,
At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage. The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show.

The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, a source familiar with the attacks says and documents show.

The data included e-mail passwords, messages, and other information tied to executives with access to proprietary exploration and discovery information, the source says.

The attackers appear to have gained access to their targets by patiently researching which key personnel to target with phishing attacks designed to download malware into the victims' networks.

But, according to the source and documents obtained by the Monitor, her response was too late. The fake had already been forwarded to other people – and someone had clicked on the link it contained. Instantly, an unseen spy program started spreading stealthily across Marathon’s global computer network.

Nearly identical fake e-mails that appeared to come from senior executives were also sent to colleagues in key posts at ExxonMobil and ConocoPhillips – all containing a request for them to analyze the Economic Stabilization Act noted on the subject line, a source familiar with the attacks says.

The entire article is worth the read. It highlights the systemic nature of the cyber threat to US economic and national security.

2 comments:

Matt said...

It is interesting to consider both the good and bad aspects of a society that is moving towards a digital age. While the use of the internet and other telecommunication devices does allow for faster exchange of information, it also allows for faster and more covert means of intercepting this information.

Computers make life easier. They allow us to store all of our personal data in one place that uses very little space. However, there are many major drawbacks. Corrupted data files can lead to a loss of important things, such as financial records. Hackers can infiltrate our personal lives. People need to learn to be careful with what they put on their computers, let alone on the internet. Anything not worth the risk of losing to corruption or hacking is also not worth putting into digital form. Keep important personal files in paper form AS WELL AS in digital form if you must. We as a society must learn to adapt to the relative ease of data exchange in this new age, but also must not come to solely rely on it.

The digital age has led to a whole new era of cyber-warfare, where information is king. The oil companies made the mistake of relying solely on one form of digital information exchange -- the one form that is also most easily cracked. Perhaps the careful use of multiple forms (email, blog, webpage updates, or even twitter/facebook messages) in addition to non-digital forms of this information could have perhaps led to a more fortuitous outcome.

Ned Moran said...

To be fair, even if these oil companies had maintained paper records of all their intellectual property, the fact that at least one copy was stored in a digital format exposed a vulnerability. As we will learn later in the semester, information systems are vulnerable to a variety of attacks including attacks on confidentiality, integrity, and availability. Confidentiality attacks, similar to those against the oil companies, steal digital data. In many cases, the attackers leave a copy of the data behind so as not to tip the victim off to the theft.