Feeds

Aurora-style attacks swiped oil find data from energy giants

Social networks implicated in planning Google assault

Choosing a cloud hosting partner with confidence

At least three US oil giants were hit by cyberattacks aimed at stealing secrets, in the months before the high-profile Operation Aurora attacks against Google, Adobe et al in December.

Targeted attacks against Marathon Oil, ConocoPhillips, and ExxonMobil took place in 2008 and followed the same pattern as the later Aurora assaults. Information harvested by the attacks included "bid data" that gave information on new energy discoveries, according to documents obtained by the Christian Science Monitor.

The paper reports that at least some of this information from at least one firm was sent to computers in China. The attacks - which resulted in the compromise of email passwords and messages - were not detected by the firms themselves. They only became aware of security breaches following notification by the FBI in 2009. Details of the attacks are sketchy, but documents seen by the CSM refer to a China virus.

These reported attacks against energy firms are further evidence that industrial espionage featuring targeted lures and malware date back far beyond the Operation Aurora attacks. Those attacks prompted Google to threaten an exit from China earlier this month and sparked an ongoing political row between the US and China.

Howdunnit?

Exactly how hackers - probably based in China - went about attempting to hack into the Gmail accounts of dissidents has been the subject of much fevered speculation. Initially, the attacks were blamed on booby-trapped PDF files, but it's now commonly thought that a zero-day IE exploit, patched by Microsoft last week, was used in drive-by download attacks that tricked prospective marks into visiting booby-trapped websites.

In a new twist to the ongoing analysis of the attack, the Financial Times reports that the hackers may have used social networks for attack reconnaissance (identifying targets). They then sent IM lures to malign websites, while posing as this person's friend or business acquaintance. This interesting theory is plausible but unproven.

What's more certain is that a malware bundle establishing a backdoor was dropped onto compromised Windows systems using an IE6-based exploit of a then unpatched hole in Internet Explorer. Trojans established on compromised clients used an encrypted channel to communicate with command and control servers located in Taiwan and the US which have since been taken offline.

In the case of Google, at least, systems used to comply with law enforcement warrants may have been abused via the attack (an essay by Bruce Schneier looks into the security implications of this point here).

Google has stopped censoring its search results in China in response to the attacks, however they originated. However the search engine giant is reportedly in talks with the Chinese authorities that may result in it retaining a mobile phone business and research centre in China, even if it does eventually quit the search business there, AP reports. ®

Beginner's guide to SSL certificates

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.