MONITOR EXCLUSIVE: Breaches show how sophisticated industrial
espionage is becoming. The big question: Who's behind them?
At least three US oil companies were the target of a series of
previously undisclosed cyberattacks that may have originated in
China and that experts say highlight a new level of sophistication
in the growing global war of Internet espionage.
The oil and gas industry breaches, the mere existence of which
has been a closely guarded secret of oil companies and federal
authorities, were focused on one of the crown jewels of the
industry: valuable "bid data" detailing the quantity, value, and
location of oil discoveries worldwide, sources familiar with the
attacks say and documents obtained by the Monitor show.
The companies - Marathon Oil, ExxonMobil, and ConocoPhillips -
didn't realize the full extent of the attacks, which occurred in
2008, until the FBI alerted them that year and in early 2009.
Federal officials told the companies proprietary information had
been flowing out, including to computers overseas, a source familiar
with the attacks says and documents show.
The data included e-mail passwords, messages, and other
information tied to executives with access to proprietary
exploration and discovery information, the source says.
While China's involvement in the attacks is far from certain, at
least some data was detected flowing from one oil company computer
to a computer in China, a document indicates. Another oil company's
security personnel privately referred to the breaches in one of the
documents as the "China virus."
"What these guys [corporate officials] don't realize, because
nobody tells them, is that a major foreign intelligence agency has
taken control of major portions of their network," says the source
familiar with the attacks. "You can't get rid of this attacker very
easily. It doesn't work like a normal virus. We've never seen
anything this clever, this tenacious."
Neither Marathon Oil, ExxonMobil, nor ConocoPhillips would
comment on the attacks or confirm that they had happened. But the
breaches, which left dozens of computers and their data vulnerable
in those companies' global networks, were confirmed over a five-
month Monitor investigation in interviews with dozens of oil
industry insiders, cybersecurity experts, former government
officials, and by documents describing the attacks.
"We've seen real, targeted attacks on our C-level [most senior]
executives," says one oil company official, who, like others
familiar with various aspects of the attacks, spoke only on
condition of anonymity. "I was at a meeting with the FBI earlier
this year that was pretty eye-opening."
The new type of attack involves custom-made spyware that is
virtually undetectable by antivirus and other electronic defenses
traditionally used by corporations. Experts say the new
cyberburglary tools pose a serious threat to corporate America and
the long-term competitiveness of the nation.
"We've had friends in the petroleum industry express grave
concern because they've spent hundreds of millions of dollars
finding out where the next big oil discovery will be," says Ed
Skoudis, cofounder of InGuardians, a computer security firm, who was
called last year to help a big oil and gas company secure its bid
data after its computer network was infiltrated. He wouldn't name
the company. "The attacker would be saving huge expenses for himself
by stealing that data."
Not so long ago, computer hacking was mainly the handiwork of
individuals with overactive imaginations and good programming
skills, and they often broke into computers for sport. More
recently, people with more sinister motives - including organized
criminal gangs - have made an industry out of stealing credit-card
information and personal identities for quick cash.
But lurking in the cybershadows is a far more insidious and
sophisticated form of computer espionage that, until the recent
exposure by search-engine titan Google, was little publicized and
often went undetected. …