ISSSource White Papers

Posts Tagged ‘oil’

Monday, July 13, 2015 @ 03:07 PM gHale

Oil, pharmaceutical, metal mining, software, and Internet-centric multi-billion dollar companies are now the focus of a team of hackers looking to spy on and steal any and all intellectual property, researchers said.

The group originally tied to Apple, Facebook, Microsoft, and Twitter, expanded its cyber espionage operation. They mainly focused on companies in the U.S., Europe, and Canada.

Breaking System Down to Find APT
Security Schism Front and Center
Cyber Incidents Down; Reporting Declines
Insider Attacks Rise, Unaware of Risk

But unlike most cyber espionage groups, this is not a nation state-sponsored operation, according to researchers at Symantec who have been investigating the Morpho organization for the past two years.

This appears to be an organized crime ring with possible U.S. ties. Research found 49 different organizations, most in the U.S., across 20 countries suffered a hit by the Morpho group, which focuses on the Microsoft Exchange and Lotus Domino email servers to spy on corporate correspondence or possibly insert phony emails.

And unlike China’s stealing intellectual property to then pass on to its own companies to manufacture copycat products and technologies, these spies appear to be in the business to make money based on a company’s R&D or other business moves.

“There are two theories, that they are stealing the data for themselves, or selling it to someone else,” said Vikram Thakur, principal research manager on Symantec’s Security Response team. “But it’s more likely that they are using the information to make investments … buying stocks” for financial gain, he said.

One common thread in the attacks at victim organizations who have shared some details on the attacks with Symantec’s team is the Morpho group hit R&D-related computer systems in these firms. Such futuristic intelligence indeed would be valuable to an investor.

Kaspersky Lab also published a report on Morpho, which it calls “Wild Neutron.” According to Kaspersky, the gang uses a stolen valid code certificate, and a Zero Day Flash Player exploit to infect victims.

Costin Raiu, director of Kaspersky’s global research and analysis team, said the gang has been active since 2011, and has hit other interesting targets: “The group’s targeting of major IT companies, spyware developers (FlexiSPY), jihadist forums (the “Ansar Al-Mujahideen English Forum”) and Bitcoin companies indicate a flexible yet unusual mindset and interests,” Raiu said.

They have been infecting high profile companies for several years by using a combination of exploits, watering holes and multi-platform malware, researchers said.

Among its victims, which Symantec did not name, are five additional technology firms (most in the U.S.), three major European pharmaceutical companies, gold and oil commodities firms, and law firms that specialize in the industries in which Morpho is targeting. In the case of one tech company, the attackers hacked the firm’s physical security system, which would have given them a way to track an employee’s movements and even spy on them via a video feed, according to Symantec.

Thursday, July 2, 2015 @ 03:07 PM gHale

Oil from a Santa Barbara, California, pipeline spill spread more than 100 miles to Los Angeles County beaches, the pipeline company said.

Plains All American Pipeline said oil from its pipeline washed ashore as far away as Redondo Beach.

Exxon Denied CA Oil Trucking Permit
Costs Mount after CA Pipeline Spill
CA Pipeline Corroded
Feds Order Pipeline Firm to Finish CA Cleanup

The Houston-based company and state officials said oil from the May 19 spill had reached Manhattan Beach, two miles north of Redondo.

Federal regulators and prosecutors are investigating the spill of up to 101,000 gallons of crude oil along the scenic shore. The reports confirm suspicions that the pipe was the source of tar that washed ashore in Los Angeles about a week after the spill.

Some of the tar came from other sources, such as natural seeps from the ocean floor, the company said.

At a state legislative hearing, Janet Wolf, chair of the Santa Barbara County Board of Supervisors, complained about the scarcity of information on the spread of the oil. Her staff was repeatedly frustrated trying to gather details on the test results from officials leading the spill response and cleanup, she said.

Monday, June 29, 2015 @ 03:06 PM gHale

Nearly all critical infrastructure industry executives acknowledge their organizations are targets for cybercriminals, and 61 percent think their systems could detect a cyber attack on a critical system within 24 hours.

All survey respondents, which included non executives, were not as confident as the executives, according to the survey by Tripwire. The overall response to the question of if their system could detect an attack within 24 hours, 49 percent said yes. Other responses were 24 percent overall said it would take one to three days to respond, while 8 percent said they would find an attack within minutes and another 8 percent were not confident they would find an attack at all.

ICS Security Knowledge Low: Report
Understanding a Botnet Lifecycle
Boards More Active with Security
Malware Injection Prevalent on eCommerce Sites
Malware May: Most Threats Recorded in ‘15

Over 400 executives in the energy, oil, gas and utility industries responded to a Tripwire survey entitled, “Critical Infrastructure Study.”

Although an overwhelming majority of executives have confidence their security systems could quickly detect a cyber attack, security leaders often say executives do not have a full grasp on the reality of the ongoing assaults facing critical infrastructure organizations.

This skewed sense of ability could end up being a problem, considering 83 percent of survey respondents said a cyber attack could do “serious physical damage” to their infrastructure.

When asked if a cyber attack could do serious physical damage to your infrastructure, 83 percent of executives responded in the affirmative.

Wednesday, February 19, 2014 @ 09:02 AM gHale

The largest U.S. utility owner, Duke Energy Corp., wants to sell its interest in 13 power plants in the nation’s Midwest after Ohio regulators denied its request to raise rates.

Citigroup Inc. and Morgan Stanley are advising Duke on the sale of stakes in the coal, oil and natural gas facilities in Ohio, Illinois and Pennsylvania that have a capacity of 6,600 megawatts, Duke said. The company will record a pretax charge of $1 billion to $2 billion in the first quarter from the sale, which it expects will take 12 to 18 months.

Hawaiian Electric Shutters Power Plant
Milwaukee Coal Plant Switching to Gas
3 More Coal Units Closing
KY Power Changing from Coal to Gas

Ohio regulators on Feb. 13 denied Duke’s request to bill customers in the state an additional $729 million through May 31, 2015 to help cover a shortfall between power-plant costs and wholesale electricity prices. The rate request refusal “informed” the decision to sell the plants, said Tom Williams, a company spokesman.

“Our merchant power plants have delivered volatile returns in the challenging competitive market in the Midwest,” Lynn Good, chief executive of Duke, said in the statement. “The earnings profile is not a good strategic fit for Duke Energy.”

The average price of wholesale power in the market for the plants Duke intends to sell, has fallen by nearly half since the 2008 recession due to lower industrial demand and a glut of cheap gas, based on the 2013 average compiled by Bloomberg.

The 13 plants represent the bulk of Duke’s commercial power segment. Eleven of the facilities are in Ohio, one is in Illinois and another is in Pennsylvania.

Tuesday, September 24, 2013 @ 05:09 PM gHale

Oil and gas spill continue to ravage parts of Colorado in the wake of the severe flooding last week.

Regulators were tracking 11 oil spills in the north-central portion of the state, where eight people have died and thousands displaced, the Colorado Oil and Gas Conservation Commission (COGCC) said Thursday.

Exxon Charged with Dumping Fracking Waste
Ground Contamination at Fracking Sites
U-M Eyes MI Hydraulic Fracturing
OH Man Guilty of Dumping Fracking Fluid

Three new spills totaling at least 7,600 gallons had been discovered as flood waters recede. Regulators are now tracking 11 notable leaks totaling at least 34,500 barrels, mostly from storage tanks that toppled or otherwise failed.

The full extent of the damage was still unclear as workers struggled to gain access to some of the worst-hit areas, but officials are now reporting leaks from well sites hit by torrential rains.

Images of tanks that store oil or drilling fluids, unmoored and floating in mud-brown floodwater, have raised concern.

The spills in Colorado present a “major public health issue”, Congressman Jared Polis of the second district of Colorado said in a letter to the COGCC. “In light of the serious conditions on the ground, the industry, at a minimum, must disclose all chemicals that may be contaminating soil and groundwater,” he said.

Fertilizer and pesticides and sewage all pose a major threat to the environment after the rains, but much of the worry surrounds the oil and gas hydraulic fracturing, or fracking.

Fracking pumps millions of gallons of water, chemicals and sand at high pressure deep underground to fracture shale rock deposits that hold vast amounts of oil and gas. Large amounts of that water returns to the surface and ends up stored in the kind of tanks floating in the Colorado floods.

Some companies in Colorado, including Encana Corp. and Anadarko Petroleum Corp. disclose the fracking chemicals used in Weld County wells, according to Frac Focus, a website where energy firms can list substances they use. The drilling fluids contain hydrochloric acid, benzyl chloride and many other chemicals.

A storage tank owned by energy company Anadarko spilled an estimated 125 barrels of oil into the South Platte River in north-central Colorado, the COGCC said on Wednesday.

Denver-based Kerr-McGee Oil and Gas Onshore company, a unit of Anadarko, reported the spill of an unknown volume of condensate into the South Platte last Tuesday from a 300-barrel-capacity storage tank.

Anadarko deployed absorbent booms to the spills, but oil still escaped.

“In both cases, it appears the oil left the site in floodwaters,” the COGCC said in its statement Thursday.

Noble Energy Inc. discovered three wells that were leaking natural gas following the floods last week.

Two of the compromised wells shut down Wednesday, but a third that appeared to be leaking a “limited” amount of gas could not down because it was not safe to get to, the company said Wednesday.

Noble operates more than 8,000 active wells in the DJ Basin in Colorado. Between five and ten percent of those wells have been shut in due to the flood.

Thursday, September 5, 2013 @ 07:09 PM gHale

Seven technical reports released that together form the most comprehensive Michigan-focused resource on hydraulic fracturing, the natural gas and oil extraction process.

The studies, conducted by University of Michigan researchers and totaling nearly 200 pages, examine seven critical topics related to the use of hydraulic fracturing in Michigan, with an emphasis on high-volume methods: technology, geology and hydrogeology, environment and ecology, public health, policy and law, economics, and public perceptions.

OH Man Guilty of Dumping Fracking Fluid
Fracking Fluids Cause of ’07 Fish Kill
Fracking Tied to Ohio Quakes
Fracking Report: Well Water Contaminants

While considerable natural gas reserves exist in Michigan and high-volume hydraulic fracturing has the potential to help access them, they also have to address the possible impacts to the environment and to public health, the U-M researchers said.

Though modern high-volume hydraulic fracturing is not widely used in Michigan today, a main premise of the U-M study is the technique could become more widespread due to a desire for job creation, economic growth, energy independence and cleaner fuels.

“There’s a lot of interest in high-volume hydraulic fracturing, but there really isn’t much activity at the moment in Michigan,” said John Callewaert, project director and director of integrated assessment at U-M’s Graham Sustainability Institute, which is overseeing the project. “That’s why now is a good time to do this assessment.”

These reports conclude the first phase of a two-year U-M project known formally as the Hydraulic Fracturing in Michigan Integrated Assessment. The seven documents provide a solid informational foundation for the project’s next phase, an analysis of various hydraulic fracturing policy options. That analysis be ready to go in mid-2014 and will end up shared with government officials, industry experts, other academics, advocacy groups and the general public.

“Nothing like this has been done before in Michigan,” Callewaert said. “Having this comprehensive, state-specific set of reports will be an invaluable resource that will help guide future decision-making on this issue — and hopefully will help Michigan avoid some of the pitfalls encountered in other states.”

Conclusions of the reports, written by faculty-led, student-staffed teams from various disciplines, include:
• Technology. In view of the current low price of natural gas, the high cost of drilling deep shale formations and the absence of new oil discoveries, it is unlikely that there will be significant growth of the oil and gas industry in Michigan in the near-term future.
• Geology/hydrogeology. A recent flurry of mineral rights acquisitions in the state associated with exploratory drilling suggests the potential for growth in natural gas production through high-volume hydraulic fracturing.
• Environment/ecology. Potential impacts of hydraulic fracturing on the environment are significant and include increased erosion and sedimentation, increased risk of aquatic contamination from chemical spills or equipment runoff, habitat fragmentation and resulting impacts on aquatic and terrestrial organisms, loss of stream riparian zones, and reduction of surface waters available to plants and animals due to the lowering of groundwater levels.
• Public health. Possible hazards in the surrounding environment include impaired local and regional air quality, water pollution and degradation of ecosystems.
• Policy/law. The state is the primary source of law and policy governing hydraulic fracturing in Michigan. The operator of a high-volume hydraulically fractured well must disclose the hazardous constituents of chemical additives to the state Department of Environmental Quality for each additive within 60 days of well completion.
• Economics. The gas extraction industry creates employment and income for Michigan, but the employment effects are modest compared with other industries and not large enough to “make or break” the state’s economy.
• Public perceptions. A slight majority of Michigan residents believe the benefits of fracking outweigh the risks, but significant concerns remain about the potential impacts to human health, the environment and groundwater quality.

In fracking, water, sand and chemicals (in a mix known as hydraulic fracturing fluid) end up injected under high pressure deep underground to crack sedimentary rocks, such as shale, and free trapped natural gas or oil. Though the process has been in use for more than half a century to improve well production, technical advances helped unlock vast stores of previously inaccessible natural gas and oil, resulting in a boom in some parts of the United States.

Chief among the technical advances are directional drilling and high-volume hydraulic fracturing, which often end up used together. In directional drilling, the well operator bores vertically down to the rock formation, then follows the formation horizontally.

Wednesday, September 4, 2013 @ 05:09 PM gHale

Petrobot is now able to efficiently do the dirty work humans just don’t want to do.

Petrobot is a “robot snake arm” or “crawler” that will spend its days in huge vats of oil. Shell’s Petrobot project, also partially funded by the European Union, looks to “develop robots which can replace humans in inspections of pressure vessels and storage tanks widely used in the oil, gas and petrochemical industry.”

Machine Safety Market Keeps Growing
Machine Safety: Comply with Standards
Safety Excellence Award Nominations Open
Safety Issues at Chocolate Maker

Right now, people have to inspect those oil tanks, and it is very hazardous work with all the mess, the chemical fumes, and the hours spent in the giant toxic container.

The oil companies would rather see Petrobot do the job because inspecting an oil container by hand is expensive and time-consuming, and robots could do it faster and cheaper.

When humans do the job it costs the oil company money because “to ensure inspectors’ safety, oil, gas and petrochemical plants have to shut down during inspection operations.” Shutting down those operations, costs companies like Shell quite a bit. On top of that “vessels have to be decoupled from live sections of the plant; then vessels are extensively cleaned to remove all products that can emit flammable or toxic gases; scaffolding is then erected in larger vessels, so that inspectors can access all necessary areas.”

That is a considerable amount of time and labor. Bring in Petrobot instead, and you don’t even have to empty out the tank. Petrobot can dive in and do its assigned chores.

“When a pressure vessel is taken out of service, a robot (in the shape of a snake arm or a crawler) will enter it via a manhole or a nozzle; the robot will then scan along the vessel wall for damages,” Shell said. “A robot will enter the storage tank while the product (petrol or intermediate products) stays in place; the robot will then scan over the tank bottom for damages.”

Tuesday, June 18, 2013 @ 09:06 AM gHale

A campaign called Naikon targets communications, oil, government, media and other types of organizations from Asia.

The cybercriminals rely on the RARSTONE Remote Access Tool (RAT), which is similar to PlugX, to take complete control of their targets’ computers, said researchers at Trend Micro.

Cyber Espionage Program Making Rounds
Pakistan Hit by Targeted Attacks
Iran: Nuclear Sites Safe, Secure
APT Attacks Shut Down

Attackers send out spear-phishing emails that claim to contain documents related to diplomatic discussions in the Asia-Pacific region, Trend Micro researchers said.

When a user opens the documents attached to the emails, a vulnerability in Windows common control ends up exploited, and RARSTONE pushes onto the victim’s computer . In the meantime, a bait document displays to avoid raising suspicion.

Once it finds itself on a device, a backdoor component downloads from a command and control (C&C) server directly to the memory. This allows the threat to go undetected by classic file-based scanning technologies .

Unlike other RATs, RARSTONE checks the Uninstall Registry Key and uses it to find out what applications are on the computer. The programs that interfere with its functions end up removed.

In addition, command and control communications occur via SSL to protect the connection and to make sure malicious traffic blends in with legitimate traffic.

The individuals behind the Naikon campaign, named so because of the “NOKIAN95/WEB” user agent string identified in the attacks, want to ensure their infrastructure is difficult to analyze. They use dynamic DNS domains or registrars that have privacy protections.

“Targeted attacks like this are typically part of broader campaigns meant to stay under the radar and steal information from target entities,” said Maharlito Aquino, Trend Micro Threats analyst.

“Traditional technologies like blacklisting and perimeter controls are not enough to detect or block the components of these campaigns. Instead, enterprises need to increase their visibility and control over their networks in order to identify dubious network traffic .”

Tuesday, May 28, 2013 @ 05:05 PM gHale

General Electric Co. is opening a new laboratory in Oklahoma, buying up related companies, and placing a big bet that cutting-edge science will improve profits for clients and reduce the environmental and health effects of fracking.

“We like the oil and gas base because we see the need for resources for a long time to come,” said Mark Little, a GE senior vice president. He said GE did “almost nothing” in oil and gas just over a decade ago but has invested more than $15 billion in the past few years.

Feds Reveal New Fracking Standards
Haz Mat Team Called to Fracking Site
Fracking Leak Forces Evac
Flawed Fracking Data Hurts EPA

GE doesn’t drill wells or produce oil or gas, but Little said the complexity of the fracking boom plays into the company strengths. As wells end up drilled horizontally at great depths in a variety of formations all around the country, and that means each location may require different techniques.

There are also big differences in how surrounding communities view the boom. There’s been little controversy in traditional oil and gas states such as Oklahoma, but nearby landowners in Pennsylvania, Colorado and other states complained of environmental and health effects.

“My own view is there things can be managed,” Little said of concerns about drilling, adding they need to be managed carefully. He drew a parallel to GE’s work with the aircraft industry, since many decades ago flying was a risky business, but the industry evolved so that even as the speed, distance and number of flights increased, overall safety improved greatly.

Little also pointed out GE has significant experience in wind energy, solar, and in nuclear power. “I think the world needs all of these kinds of systems,” Little said.

Little said the GE strategy ultimately comes down to looking at “minds and machines together.” For example, they have devices that can literally be put down into a well to give people on the surface information about exactly what’s happening a mile or two below ground.

“We’ll get more information than ever before,” he said, and that can be used to help improve production and profits, and to monitor and reduce environmental impacts.

One scientist said that the approach makes sense, and there are past examples of success.

Modern cars are “incomparably cleaner” than older ones, said Neil Donahue, a professor of Engineering and Public Policy at Carnegie Mellon University in Pittsburgh. “There are some real technical issues that these folks at GE might be able to make real progress on.”

Friday, March 15, 2013 @ 01:03 PM gHale

A “dirty blizzard” of sediment was the end result of the oil from the 2010 Deepwater Horizon spill acting as a catalyst for plankton and other surface materials to clump together and fall to the sea floor.

The dirty blizzard phenomenon may explain what happened to some portion of the more than 200 million gallons of spilled oil. Microbes likely processed most of the oil within months of the spill, but government assessments have not accounted for all of the spilled oil.

DoJ: Fine Transocean $1B
BP Pleads Guilty in Gulf Spill
BP Spill Settlements Top $1B So Far
Transocean to Pay $1.4B for Oil Spill

“Some of the missing oil may have mixed with deep ocean sediments, creating a dirty bathtub effect,” said Jeff Chanton, the John Widmer Winchester Professor of Oceanography in the Department of Earth, Ocean and Atmospheric Science at Florida State University and one of the members of the Deep-C Consortium who presented the dirty blizzard hypothesis at a conference in New Orleans that focused on the effects of the oil spill on the Gulf of Mexico ecosystem. “The sediments then fell to the ocean floor at a rate 10 times the normal deposition rates. It was, in essence, an underwater blizzard.”

The consortium confirmed the never before observed dirty blizzard hypothesis by using thorium, lead and radiocarbon isotopes in addition to DNA analyses of sediments.

The oily sediments deposited on the sea floor could cause significant damage to ecosystems and may affect commercial fisheries in the future, Chanton said.

The dirty blizzard hypothesis explains why layers of water that would normally be cloudy with suspended plankton instead appeared transparent during the spill, except for strings of particles falling to the bottom.

“The oil just sucked everything out of the surface,” Chanton said.

Chanton and his Deep-C colleagues are continuing their research to determine exactly how much of the oil ended up on the sea floor.

The Deep-C (Deep Sea to Coast Connectivity in the Eastern Gulf of Mexico) Consortium consists of 10 major institutions, including FSU, Eckerd College, the University of South Florida and Georgia Institute of Technology, involved in a long-term, interdisciplinary study of deep sea to coast connectivity in the northeastern Gulf of Mexico. The study is investigating the environmental consequences of the 2010 oil spill on living marine resources and ecosystem health. The spill left 11 dead and devastated the Gulf Coast environment.

The research was possible in part by the Gulf of Mexico Research Initiative (GoMRI), a 10-year independent research program investigating the effects of the Deepwater Horizon incident.

The mission of the GoMRI is to improve society’s ability to understand and mitigate the impacts of hydrocarbon pollution and stressors on the marine environment and public health. The program started up through a $500 million financial commitment from BP.

Archived Entries