‘Night Dragon’ Cyber Attacks Big Oil

Friday, February 11, 2011 @ 05:02 PM gHale

By Nicholas Sheble
Hackers who appear to be in China have conducted a coordinated campaign of cyber espionage against major Western energy companies, according to a report from cyber security firm McAfee.

Law-enforcement agencies are investigating the incidents, which McAfee said have been going on at least since late 2009 but may have started as early as 2007, according to a report in The Wall Street Journal.

The company dubbed the attacks “Night Dragon” and says they are ongoing.

McAfee released a white paper that goes into more details about the hacks.

The attacks started with a SQL-injection technique that compromised external web servers. Using common hacking tools, the intruders then accessed intranets, giving them access to internal servers and desktops. There they collected user names and passwords. After disabling Internet Explorer proxy settings, the hackers were able to establish direct communication from infected machines to the Internet.
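The last step, machines talking straight to the Internet instead of through the corporate proxy, leaves a trace in firewall logs. The following is an added detection example, not code from McAfee's white paper or from this article; the log layout, internal range and proxy address are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (hypothetical values, adapt to your network):
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # corporate address space
PROXIES = {ipaddress.ip_address("10.0.0.10")}   # approved web proxies
WEB_PORTS = {80, 443, 8080}

# Constructed sample firewall log: time, source, destination, dest port, action
SAMPLE_LOG = """\
2011-02-10T09:00:01 10.0.0.10 203.0.113.5 443 ALLOW
2011-02-10T09:00:07 10.1.4.22 10.0.0.10 8080 ALLOW
2011-02-10T09:01:13 10.1.4.57 198.51.100.77 80 ALLOW
2011-02-10T09:01:44 10.1.4.57 198.51.100.77 443 ALLOW
2011-02-10T09:02:02 10.1.4.31 192.0.2.9 443 DENY
2011-02-10T09:02:30 10.1.4.57 10.1.9.3 445 ALLOW
malformed line
"""

def direct_egress(log_text, proxies=PROXIES, web_ports=WEB_PORTS):
    """Return {source_ip: sorted [(dest_ip, port), ...]} for allowed web
    connections from internal hosts to external addresses that did not
    pass through an approved proxy."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records instead of failing the run
        _, src, dst, port, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if action != "ALLOW" or port not in web_ports:
            continue
        # Internal host reaching the Internet without going via the proxy
        if src_ip in INTERNAL and dst_ip not in INTERNAL and src_ip not in proxies:
            hits[src].add((dst, port))
    return {src: sorted(dests) for src, dests in hits.items()}

if __name__ == "__main__":
    for host, dests in direct_egress(SAMPLE_LOG).items():
        print(host, "->", dests)
```

Hosts this flags are candidates for a check of their browser proxy configuration and of the accounts used on them.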

McAfee said the hackers targeted five multinational firms. They did not identify the companies because some are clients.

McAfee feels 2010 was the beginning of a new decade in the world of cyber security. In the previous decade, the security community was immature, reacted with technical solutions, and lacked security sophistication. The result was critical outbreaks, like Code Red, Nimda, Blaster, Sasser, SQL Slammer, Conficker, and myDoom.

The security community has evolved and grown smarter about security, safe computing, and system hardening, but so have adversaries. This decade is setting up to be the exponential jumping-off point.

The adversaries are rapidly leveraging productized malware toolkits that let them develop more malware than in all prior years combined. They have also matured from the prior decade to release the most insidious and persistent cyber threats ever known.

According to McAfee, the cyber attacks took gigabytes of highly sensitive internal documents, including proprietary information about oil- and gas-field operations, project financing, and bidding documents.

That pattern of espionage is sure to raise fresh alarms in the corporate world about information theft.

Nicholas Sheble is an engineer, writer, and analyst based in Raleigh, NC. You can reach him at nsheble@isssource.com.