Feeds

Aurora-style attacks swiped oil find data from energy giants

Social networks implicated in planning Google assault

Reducing security risks from open source software

At least three US oil giants were hit by cyberattacks aimed at stealing secrets, in the months before the high-profile Operation Aurora attacks against Google, Adobe et al in December.

Targeted attacks against Marathon Oil, ConocoPhillips, and ExxonMobil took place in 2008 and followed the same pattern as the later Aurora assaults. Information harvested by the attacks included "bid data" that gave information on new energy discoveries, according to documents obtained by the Christian Science Monitor.

The paper reports that at least some of this information from at least one firm was sent to computers in China. The attacks - which resulted in the compromise of email passwords and messages - were not detected by the firms themselves. They only became aware of security breaches following notification by the FBI in 2009. Details of the attacks are sketchy, but documents seen by the CSM refer to a China virus.

These reported attacks against energy firms are further evidence that industrial espionage featuring targeted lures and malware date back far beyond the Operation Aurora attacks. Those attacks prompted Google to threaten an exit from China earlier this month and sparked an ongoing political row between the US and China.

Howdunnit?

Exactly how hackers - probably based in China - went about attempting to hack into the Gmail accounts of dissidents has been the subject of much fevered speculation. Initially, the attacks were blamed on booby-trapped PDF files, but it's now commonly thought that a zero-day IE exploit, patched by Microsoft last week, was used in drive-by download attacks that tricked prospective marks into visiting booby-trapped websites.

In a new twist to the ongoing analysis of the attack, the Financial Times reports that the hackers may have used social networks for attack reconnaissance (identifying targets). They then sent IM lures to malign websites, while posing as this person's friend or business acquaintance. This interesting theory is plausible but unproven.

What's more certain is that a malware bundle establishing a backdoor was dropped onto compromised Windows systems using an IE6-based exploit of a then unpatched hole in Internet Explorer. Trojans established on compromised clients used an encrypted channel to communicate with command and control servers located in Taiwan and the US which have since been taken offline.

In the case of Google, at least, systems used to comply with law enforcement warrants may have been abused via the attack (an essay by Bruce Schneier looks into the security implications of this point here).

Google has stopped censoring its search results in China in response to the attacks, however they originated. However the search engine giant is reportedly in talks with the Chinese authorities that may result in it retaining a mobile phone business and research centre in China, even if it does eventually quit the search business there, AP reports. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.