Aurora-style attacks swiped oil find data from energy giants

Social networks implicated in planning Google assault

At least three US oil giants were hit by cyberattacks aimed at stealing secrets, in the months before the high-profile Operation Aurora attacks against Google, Adobe et al in December.

Targeted attacks against Marathon Oil, ConocoPhillips, and ExxonMobil took place in 2008 and followed the same pattern as the later Aurora assaults. Information harvested by the attacks included "bid data" that gave information on new energy discoveries, according to documents obtained by the Christian Science Monitor.

The paper reports that at least some of the information taken from at least one firm was sent to computers in China. The attacks - which resulted in the compromise of email passwords and messages - were not detected by the firms themselves. They only became aware of the breaches after being notified by the FBI in 2009. Details of the attacks are sketchy, but documents seen by the CSM refer to a "China virus".

These reported attacks against energy firms are further evidence that industrial espionage featuring targeted lures and malware dates back well before the Operation Aurora attacks. Those attacks prompted Google to threaten an exit from China earlier this month and sparked an ongoing political row between the US and China.

Howdunnit?

Exactly how hackers - probably based in China - went about attempting to hack into the Gmail accounts of dissidents has been the subject of much fevered speculation. Initially, the attacks were blamed on booby-trapped PDF files, but it's now commonly thought that a zero-day IE exploit, patched by Microsoft last week, was used in drive-by download attacks that tricked prospective marks into visiting booby-trapped websites.

In a new twist to the ongoing analysis of the attack, the Financial Times reports that the hackers may have used social networks for reconnaissance (identifying targets). They then sent instant-message lures linking to malicious websites, while posing as a target's friend or business acquaintance. This interesting theory is plausible but unproven.

What's more certain is that a malware bundle establishing a backdoor was dropped onto compromised Windows systems using an exploit for a then-unpatched hole in Internet Explorer 6. Trojans installed on compromised clients used an encrypted channel to communicate with command and control servers located in Taiwan and the US, which have since been taken offline.

In the case of Google, at least, systems used to comply with law enforcement warrants may have been abused via the attack (an essay by Bruce Schneier examines the security implications of this point).

Google has stopped censoring its search results in China in response to the attacks, wherever they originated. The search engine giant is nonetheless reportedly in talks with the Chinese authorities that may result in it retaining a mobile phone business and research centre in China, even if it does eventually quit the search business there, AP reports. ®
