Report unearths targeted attacks on oil firms
The Christian Science Monitor reports there is a China link in one of the attacks on three oil firms in 2008 that involved e-mails containing hyperlinks to spyware.
Three U.S. oil companies were targeted in 2008 in computer attacks in which sensitive information was leaked, including in one case to a computer in China, according to a published report.
In the attacks, senior level executives received e-mails that contained embedded links that when clicked on downloaded spyware to computers, The Christian Science Monitor reported Monday. The spyware was custom-made and undetectable by antivirus software, according to the report. The publication conducted a five-month investigation into the attacks.
The companies--Marathon Oil, ExxonMobil, and ConocoPhillips--were informed by the FBI that valuable information was targeted including "bid data" on the quantity, value, and location of oil discoveries around the world, and messages and e-mail passwords were exposed, the report said.
"What these guys [corporate officials] don't realize, because nobody tells them, is that a major foreign intelligence agency has taken control of major portions of their network," the publication quotes a source familiar with the attacks as saying. "You can't get rid of this attacker very easily. It doesn't work like a normal virus. We've never seen anything this clever, this tenacious."
The oil companies declined to comment for the report.
The attacks appear to have been similar to those on Google, Adobe, and a host of other Silicon Valley companies that Google discovered in mid-December. It's unclear in those cases as well who was behind the attacks. But Google is confident enough with the Chinese connection in the attacks--and separate attacks on Gmail users who are human rights activists--to plan to drop its censorship practices in China and threaten to withdraw from the country.
Cyber espionage is not new; it's just getting more sophisticated, experts say.