Chinese hackers target oil companies: McAfee

February 12, 2011

The Sydney Morning Herald, 11 Feb 2011: Hackers from China have penetrated computer networks of global oil companies, stealing financial documents on bidding plans and other confidential information, a US computer security firm said Thursday.

“Starting in November 2009, coordinated covert and targeted cyberattacks have been conducted against global oil, energy, and petrochemical companies,” the Santa Clara, California-based McAfee said in a report.

In addition to attacking company computers, the hackers struck “individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information,” McAfee said.

“Files of interest focused on operational oil and gas field production systems and financial documents related to field exploration and bidding.”

The industrial espionage charges are the latest leveled against hackers in China, which was accused in a report by the US-China Economic and Security Review Commission last year of waging massive attacks on US computer systems.

McAfee did not identify any of the companies targeted by the hackers. But it said all of the evidence pointed to the attackers being based in China.

“We have identified the tools, techniques, and network activities used in these continuing attacks — which we have dubbed Night Dragon — as originating primarily in China,” McAfee said.

Hacking tools “widely available on the Chinese underground” were used to break into a company’s intranet and obtain access to sensitive desktops and servers, it said.

“They proceeded to connect to other machines (targeting executives) and exfiltrating email archives and other sensitive documents,” McAfee said.

The computer security firm said “many actors” took part in the attacks but it had identified an individual in Heze City, Shandong Province, who provided the “crucial (command and control) infrastructure to the attackers.”

“Although we don’t believe this individual is the mastermind behind these attacks, it is likely this person is aware or has information that can help identify at least some of the individuals, groups, or organizations responsible for these intrusions,” it said.

McAfee said “all of the identified data exfiltration activity occurred from Beijing-based IP addresses and operated inside the victim companies weekdays from 9:00 am to 5:00 pm Beijing time.”

This suggests, it said, “that the involved individuals were ‘company men’ working on a regular job, rather than freelance or unprofessional hackers.”

“Although it is possible that all of these indicators are an elaborate red-herring operation designed to pin the blame for the attacks on Chinese hackers, we believe this to be highly unlikely,” McAfee said. “We have strong evidence suggesting that the attackers were based in China.”

In January 2010, Google said it had been the target of cyberattacks originating in China which included attempts to access the email accounts of Chinese human rights activists around the world.

China has denied involvement in the December 2009 cyberattacks which Google said also targeted more than 20 other companies and led the Internet giant to halt censorship of its search engine in China.

According to US diplomatic files obtained and published by WikiLeaks, the United States believes that China’s leadership directed the hacking campaign into computers of Google and Western governments.

In one cable, the US embassy in Beijing said it learned from “a Chinese contact” that the Politburo had led years of hacking into computers of the United States, its allies and Tibet’s spiritual leader the Dalai Lama.

US Director of National Intelligence James Clapper told Congress on Thursday that US computer systems were increasingly coming under attack.

Clapper, who did not specifically cite China, told a congressional committee that there had been a “dramatic increase” over the past year in malicious cyber activity targeting US computers and networks.

“Almost two-thirds of US firms report that they have been the victim of cybersecurity incidents or information breaches, while the volume of malicious software on American networks more than tripled from 2009,” Clapper said.


