Feeds

Exxon, Shell, BP outed as mystery hack attack victims

'Millions of dollars' in data targeted

Remote control for virtualized desktops

Bloomberg News has identified six of the energy companies targeted in recent series of “coordinated covert and targeted cyberattacks” and says the victims could face legal liability for choosing not to disclose them to shareholders.

The roster includes Exxon Mobil, Royal Dutch Shell, BP, Marathon Oil, ConocoPhillips, and Baker Hughes, according to an article the news service published on Thursday. The report cited one of the victim companies and investigators who declined to be identified.

The attacks were ongoing for at least two years and possibly as long as four years. The unknown hackers worked through servers located in China.

The attackers “targeted computerized topographical maps worth 'millions of dollars' that show locations of potential oil reserves,” Bloomberg said, citing Ed Skoudis, founder and senior security consultant for InGuardians. The hacks were first disclosed in a report issued by McAfee, which said they resulted in the in the loss of “project-financing information with regard to oil and gas field bids and operations.”

Bloomberg said none of the hacked companies disclosed the attacks to shareholders, and quoted a lawyer who said “there is certainly the potential for shareholder derivative liability.”

The report also cited a McAfee spokesman saying company researchers promised to withhold the identity of the compromised companies in exchange for their help in preparing the report, which was done to “educate the community.”

The public outing of the victims could cause companies to think twice about participating in anonymous studies in the future. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?