Yesterday CBS http://wombletradesecrets.blogspot.com/, today it's The Christian Science Monitor. In this well-written piece, Mark Clayton reports on the oil and gas industry data breaches that are being investigated by the FBI. It is believed, but not proven, that the cyber-hacking originated in China.
Clayton writes: "The new type of attack involves custom-made spyware that is virtually undetectable by antivirus and other electronic defenses traditionally used by corporations. Experts say the new cyberburglary tools pose a serious threat to corporate America and the long-term competitiveness of the nation."
Clayton quotes an industry-hired computer security expert as saying: “We’ve had friends in the petroleum industry express grave concern because they’ve spent hundreds of millions of dollars finding out where the next big oil discovery will be. The attacker would be saving huge expenses for himself by stealing that data.”
The article goes on to report: "While most major nations, including the United States, are conducting Internet espionage, experts say two traditional US adversaries, China and Russia, are among the most aggressive and adept at carrying out such attacks. Both countries are known to have large communities of hackers and a deep base of computer security expertise."
“China, more so than Russia, has a large number of hacker clubs watched closely by the government,” says O. Sami Saydjari, a former Department of Defense employee who runs Cyber Defense Agency, a Wisconsin-based security firm. “These talent pools are all potential recruits for China’s professional cyberwarfare units. We strongly suspect they encourage their hacker groups to go out and attack foreign entities and get practice.”
Clayton says that: "Spying on other countries’ defense agencies and diplomatic corps undoubtedly remains a focus of Internet espionage. But cyberspies are increasingly targeting strategically important businesses, both because of the information to be gleaned and because their defenses are often easier to penetrate.
Google has said it found evidence of at least 20 companies in an array of US industries that had been infiltrated by attacks from China. Was the Chinese government involved? China adamantly says “no.” Whether it was or not, the Google breach reveals how pervasive the new espionage war is becoming and how sophisticated the tools are with which it is being waged."
This is a long piece but this is a synopsis of its interesting conclusions: "China would certainly be interested in this kind of data, experts say. With the country’s economy consuming huge amounts of energy, China’s state-owned oil companies have been among the most aggressive in going after available leases around the world, particularly in Nigeria and Angola, where many US companies are also competing for tracts."
“Knowing which one of those blocks is oil-bearing – and which to go for and which not – is clearly worth something,” says Paul Dorey, former chief information security officer at BP, the world’s third-largest oil company, and now a computer-security consultant in London. “If I was a foreign government, that’s the data I would want to get – and any analysis that reveals [a company’s] intention. Yes, that would be pretty valuable.”
Again, we'll keep posting on this topic as information becomes available. We strongly recommend this piece by Mr. Clayton to our readers interested in this evolving topic.