‘Night Dragon’ Follow: Six Oil Firms Hacked

Wednesday, March 2, 2011 @ 05:03 PM gHale

Exxon Mobil, Royal Dutch Shell and BP are three of the six major energy companies hit by cyber attacks through Internet servers in China where thieves stole proprietary information, according to officials close to the investigations.

In a report filed on ISSSource.com, cyber security software provider McAfee Inc. reported the attacks resulted in the loss of “project-financing information with regard to oil and gas field bids and operations.” In its report, McAfee, assisted by other cyber security firms, didn’t identify the energy companies targeted. The attacks, which it dubbed “Night Dragon,” originated “primarily in China” and occurred during the past three years.

The list of companies hit, none of which disclosed the attacks in filings with regulators, also includes Marathon Oil, ConocoPhillips and Baker Hughes, according to the people familiar with the investigations and requested anonymity because of the confidential nature of the matter.

Hackers broke into the computer network of Baker Hughes, said Gary Flaharty, spokesman for the Houston-based provider of advanced drilling technology. Baker Hughes concluded the incident didn’t need disclosure because it wasn’t material to investors, he said, declining to comment further.

In some of the cases, hackers had undetected access to company networks for more than a year, said Greg Hoglund, chief executive of Sacramento, CA-based HBGary Inc., a cyber security company that investigated some of the security breaches. Hoglund declined to identify his clients.

“Legal information, information on deals and financial information are all things that appear to be getting targeted,” Hoglund said, summing up conclusions his firm made from the types of documents and persons targeted by the hackers.

Hackers targeted computerized topographical maps worth “millions of dollars” that show locations of potential oil reserves, said Ed Skoudis, whose company, Washington-based InGuardians Inc., investigated two recent breaches of U.S. oil companies’ networks. He declined to name his clients or the origin of the hackers.

The McAfee report described the techniques used to get into the energy company computers as “unsophisticated” and commonly used by Chinese hackers. The attacks began in November 2009, McAfee said. Two cyber investigators familiar with the probes said the attacks began even earlier in 2008.

McAfee based the report on information gathered from its own work on the breaches and from others who were directly involved in investigating them. The report, produced on the condition the affected companies not be identified, was done to “educate the community,” said Ian Bain, a McAfee spokesman.

Ma Zhaoxu, spokesman for China’s Ministry of Foreign Affairs, said he had no information about the attacks on the oil companies when asked about the issue.