the “China virus”
The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show.
The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out ... to China.
“... a major foreign intelligence agency has taken control of major portions of their network,” says the source familiar with the attacks. “You can’t get rid of this attacker very easily. It doesn’t work like a normal virus. We’ve never seen anything this clever, this tenacious.”
The new type of attack involves custom-made spyware that is virtually undetectable by antivirus and other electronic defenses traditionally used by corporations. Experts say the new cyberburglary tools pose a serious threat to corporate America and the long-term competitiveness of the nation. (Rootkits, G.)
“We’ve had friends in the petroleum industry express grave concern because they’ve spent hundreds of millions of dollars finding out where the next big oil discovery will be,”
But lurking in the cybershadows is a far more insidious and sophisticated form of computer espionage that, until the recent exposure by search-engine titan Google, was little publicized and often went undetected. Such attackers represent the elite – a dark army of cyberspies targeting the heart of corporations around the world where trade secrets, proprietary data, and cutting-edge technologies lie locked away in digital fortresses.
... a single intruding piece of advanced spyware can change digital signatures to evade detection, spin off decoys, and lie low while waiting to pilfer targeted information. It gives clandestine control of a network over to the outside attackers. When the program finds data, it encrypts the information and sends it back to the cyberthieves.
“I can confirm for you that this type of advanced attack is happening to companies across the US today,” says Daniel Geer, chief information security officer for In-Q-Tel, a nonprofit venture capital firm funded by the Central Intelligence Agency.
The new cyberwarfare has become complex enough that specialized teams are used to carry out different operations. Often, an “intrusion team” of professional hackers will work to breach the system. An “exfiltration team” will retrieve the data. Another unit might be dedicated to maintaining an electronic foothold in the network for years. “There are clear lines of responsibility between different actors going on,” says Mr. Lee of Mandiant.
On Feb. 5, 2009, a handful of senior oil company executives and key technology people listened as federal officials from the National Cyber Investigative Joint Task Force in Fairfax, Va. – whose partner agencies include the Federal Bureau of Investigation, Secret Service, and members of the US intelligence community – began sharing some of what they had detected, documents show. Federal officials told the companies, for instance, that conventional defenses like antivirus software were not likely to be effective against “state-sponsored attacks,” the documents show.
Last March, Canadian researchers identified 1,295 computers in 103 countries infected by spyware and operated by someone as a “GhostNet” or cyberspy network. In each case, a Trojan program was downloaded that allowed the attackers control of the computers traceable, the report said, to “commercial Internet accounts on the island of Hainan,” which is the home of the Chinese Army’s intelligence facility.