Eric Watkins
Oil Diplomacy Editor
The oil and gas industry experienced a shock last week on learning from a US cyber security firm that hackers based in China had compromised the computer networks of at least five international oil companies (IOCs).
Indeed, according to executives at the Santa Clara, Calif.-based McAfee Inc., there could be up to a dozen or more oil and gas companies involved, with attacks on their networks dating as far back as 2007.
In case you don't know the firm, McAfee creates what it calls "best-of-breed computer security solutions" that prevent intrusions on networks and protect computer systems from the next generation of blended attacks and threats.
If you are in the oil and gas business, then this very clearly is a firm you will want to know about as oil and gas companies represent the primary target of hackers the world over, but especially those based in China.
Computer data stolen
That's the view of Dmitri Alperovitch, McAfee's vice-president for threat research, and his colleague Pamela Warren, a cybercrime strategist whose career includes time in the US intelligence community.
The process of stealing data out of your computer can seem a little arcane, a bit of hocus pocus to people who have little or no experience of the inner workings of these complex electronic networks.
But, as Alperovitch points out, the attacks launched from China are "not the most sophisticated" his firm has seen. Yet, the hackers still have what he calls "remote functionality" in their effort to conduct industrial espionage.
In a word, the China-based hackers are actually able to work inside computers operating all the way around the world. And, most chilling of all, they can operate inside these computers even as their owners also are at work on them.
Social engineering
According to Warren, it all starts with what she calls "social engineering"—something that happens wherever networking takes place, such as a conference or trade fair.
There, individuals continually trade business cards, routinely handing out their e-mail addresses—along with the usual complimentary conversation.
Soon after, according to Warren, executives receive e-mails from the people they met—including e-mails with attachments to be opened. Once opened, the attachment releases spyware into the executive's computer, and the chase is on for information.
In the case of at least one US firm, that chase has resulted in a Chinese company taking over their entire address book. The firm now complains that its longtime clients are being approached by total strangers—and ones based in China.
Warren states the matter succinctly: "The reality is that you are a target, if you are in the oil and gas industry."
More Oil & Gas Journal Current Issue Articles
More Oil & Gas Journal Archives Issue Articles
View Oil and Gas Articles on PennEnergy.com
