Feeds

Aurora-style attacks swiped oil find data from energy giants

Social networks implicated in planning Google assault

The essential guide to IT transformation

At least three US oil giants were hit by cyberattacks aimed at stealing secrets, in the months before the high-profile Operation Aurora attacks against Google, Adobe et al in December.

Targeted attacks against Marathon Oil, ConocoPhillips, and ExxonMobil took place in 2008 and followed the same pattern as the later Aurora assaults. Information harvested by the attacks included "bid data" that gave information on new energy discoveries, according to documents obtained by the Christian Science Monitor.

The paper reports that at least some of this information from at least one firm was sent to computers in China. The attacks - which resulted in the compromise of email passwords and messages - were not detected by the firms themselves. They only became aware of security breaches following notification by the FBI in 2009. Details of the attacks are sketchy, but documents seen by the CSM refer to a China virus.

These reported attacks against energy firms are further evidence that industrial espionage featuring targeted lures and malware date back far beyond the Operation Aurora attacks. Those attacks prompted Google to threaten an exit from China earlier this month and sparked an ongoing political row between the US and China.

Howdunnit?

Exactly how hackers - probably based in China - went about attempting to hack into the Gmail accounts of dissidents has been the subject of much fevered speculation. Initially, the attacks were blamed on booby-trapped PDF files, but it's now commonly thought that a zero-day IE exploit, patched by Microsoft last week, was used in drive-by download attacks that tricked prospective marks into visiting booby-trapped websites.

In a new twist to the ongoing analysis of the attack, the Financial Times reports that the hackers may have used social networks for attack reconnaissance (identifying targets). They then sent IM lures to malign websites, while posing as this person's friend or business acquaintance. This interesting theory is plausible but unproven.

What's more certain is that a malware bundle establishing a backdoor was dropped onto compromised Windows systems using an IE6-based exploit of a then unpatched hole in Internet Explorer. Trojans established on compromised clients used an encrypted channel to communicate with command and control servers located in Taiwan and the US which have since been taken offline.

In the case of Google, at least, systems used to comply with law enforcement warrants may have been abused via the attack (an essay by Bruce Schneier looks into the security implications of this point here).

Google has stopped censoring its search results in China in response to the attacks, however they originated. However the search engine giant is reportedly in talks with the Chinese authorities that may result in it retaining a mobile phone business and research centre in China, even if it does eventually quit the search business there, AP reports. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.