Feeds

Aurora-style attacks swiped oil find data from energy giants

Social networks implicated in planning Google assault

Top 5 reasons to deploy VMware with Tegile

At least three US oil giants were hit by cyberattacks aimed at stealing secrets, in the months before the high-profile Operation Aurora attacks against Google, Adobe et al in December.

Targeted attacks against Marathon Oil, ConocoPhillips, and ExxonMobil took place in 2008 and followed the same pattern as the later Aurora assaults. Information harvested by the attacks included "bid data" that gave information on new energy discoveries, according to documents obtained by the Christian Science Monitor.

The paper reports that at least some of this information from at least one firm was sent to computers in China. The attacks - which resulted in the compromise of email passwords and messages - were not detected by the firms themselves. They only became aware of security breaches following notification by the FBI in 2009. Details of the attacks are sketchy, but documents seen by the CSM refer to a China virus.

These reported attacks against energy firms are further evidence that industrial espionage featuring targeted lures and malware date back far beyond the Operation Aurora attacks. Those attacks prompted Google to threaten an exit from China earlier this month and sparked an ongoing political row between the US and China.

Howdunnit?

Exactly how hackers - probably based in China - went about attempting to hack into the Gmail accounts of dissidents has been the subject of much fevered speculation. Initially, the attacks were blamed on booby-trapped PDF files, but it's now commonly thought that a zero-day IE exploit, patched by Microsoft last week, was used in drive-by download attacks that tricked prospective marks into visiting booby-trapped websites.

In a new twist to the ongoing analysis of the attack, the Financial Times reports that the hackers may have used social networks for attack reconnaissance (identifying targets). They then sent IM lures to malign websites, while posing as this person's friend or business acquaintance. This interesting theory is plausible but unproven.

What's more certain is that a malware bundle establishing a backdoor was dropped onto compromised Windows systems using an IE6-based exploit of a then unpatched hole in Internet Explorer. Trojans established on compromised clients used an encrypted channel to communicate with command and control servers located in Taiwan and the US which have since been taken offline.

In the case of Google, at least, systems used to comply with law enforcement warrants may have been abused via the attack (an essay by Bruce Schneier looks into the security implications of this point here).

Google has stopped censoring its search results in China in response to the attacks, however they originated. However the search engine giant is reportedly in talks with the Chinese authorities that may result in it retaining a mobile phone business and research centre in China, even if it does eventually quit the search business there, AP reports. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.