Hackers operating from China stole sensitive information from Western oil companies, a US security firm reported on Thursday, adding to complaints about pervasive Internet crime traced to the country.
The report by McAfee did not identify the companies, but said the “coordinated, covert and targeted” attacks began in November 2009 and targeted computers of oil and gas companies in the US, Taiwan, Greece and Kazakhstan. It said the attackers stole information on operations, bidding for oil fields and financing.
“We have identified the tools, techniques and network activities used in these continuing attacks — which we have dubbed Night Dragon — as originating primarily in China,” the report said.
The report gave no indication the attacks were anything other than standard corporate espionage that plagues businesses around the world, which the US and China have both accused each other of being deeply involved in.
The fact that oil companies were targeted may speak more to the value of their inside information than any attempt to cause damage to pipelines. McAfee called the attack methods “unsophisticated,” but said the culprits were patient: They may have been inside the networks for years.
“It looked to me like the traditional hack-to-steal-valuable-stuff,” said Josh Shaul, vice president of product management at Application Security, a New York-based database security software maker that wasn’t involved in McAfee’s research.
Application Security counts -energy companies, including oil firms, among its clients.
“It all seemed to me like someone trying to get ahead in the oil industry rather than doing something more nefarious,” Shaul said.
The intruders were prolific in their purloining, snatching files including configurations for the oil companies’ control systems, but Dmitri Alperovitch, vice president of threat research for McAfee, said they didn’t appear to be trying to figure out how to blow up a pipeline or destroy equipment.
“I got a very strong sense that was not their goal,” he said. “They expressed a much stronger interest in financial information.”
McAfee said it identified an individual in Heze, Shandong Province, who provided servers that hosted an application that controlled computers at the victim companies.
The report did not identify the man, but US news reports citing McAfee gave his name as Song Zhiyue.
Contacted by phone, Song said he was a salesman for a company, Science and Technology Internet, which rents server space. He said some of his customers were hackers, but he declined to comment on the attacks cited by McAfee. Song said he has not been contacted by Chinese authorities.
“I recently heard about Chinese hackers using US servers provided by companies like ours to attack oil companies in the US. Our company alone has a great number of hackers” as customers, Song said. “I have several hundred of them among all my customers as far as I know.”
Song said hackers using his company’s services had an estimated 10,000 “meat computers” controlled remotely without the owners’ knowledge. He said “yes” when asked whether such activities might be improper, but he said Chinese authorities never have contacted him about them. He hung up the telephone when a reporter asked for other details.
Spokesmen from several US, British and Greek oil companies said they were either unaware of the hacking or that they could not comment on security matters.
A vice president of Taiwan’s biggest oil company, CPC Corp, Taiwan, said it had detected no hacking of its computers.
The executive, Paul Chen (陳綠蔚), said it would investigate.
Taiwan’s computer crime office was not aware of the attacks, a police official said. He spoke on condition of anonymity because he was not permitted to talk to reporters.
China’s police ministry did not respond yesterday to questions about whether it knew of the attacks or was investigating them.
McAfee, based in Santa Clara, California, said the hackers worked through servers in the US and the Netherlands and used techniques -including taking advantage of vulnerabilities in the Microsoft Windows operating system.
McAfee said extraction of information occurred from 9am to 5pm Beijing time on weekdays. It said that suggested the attackers were “company men” on a regular job, rather than freelance or amateur hackers.
The attackers used hacking tools of Chinese origin that are prevalent on Chinese underground hacking forums, McAfee said.
There are no estimates of losses attributable to hacking traced to China, but McAfee has said previously that intellectual property worth an estimated US$1 trillion was stolen worldwide through the Internet in 2008.
McAfee’s report was released ahead of the annual RSA Conference next week in San Francisco. Security firms issue a flurry of reports around such conferences to promote their products and call attention to new hacking trends.
‘IN A DIFFERENT PLACE’: The envoy first visited Shanghai, where he attended a Chinese basketball playoff match, and is to meet top officials in Beijing tomorrow US Secretary of State Antony Blinken yesterday arrived in China on his second visit in a year as the US ramps up pressure on its rival over its support for Russia while also seeking to manage tensions with Beijing. The US diplomat tomorrow is to meet China’s top brass in Beijing, where he is also expected to plead for restraint as Taiwan inaugurates president-elect William Lai (賴清德), and to raise US concerns on Chinese trade practices. However, Blinken is also seeking to stabilize ties, with tensions between the world’s two largest economies easing since his previous visit in June last year. At the
UNSETTLING IMAGES: The scene took place in front of TV crews covering the Trump trial, with a CNN anchor calling it an ‘emotional and unbelievably disturbing moment’ A man who doused himself in an accelerant and set himself on fire outside the courthouse where former US president Donald Trump is on trial has died, police said yesterday. The New York City Police Department (NYPD) said the man was declared dead by staff at an area hospital. The man was in Collect Pond Park at about 1:30pm on Friday when he took out pamphlets espousing conspiracy theories, tossed them around, then doused himself in an accelerant and set himself on fire, officials and witnesses said. A large number of police officers were nearby when it happened. Some officers and bystanders rushed
Beijing is continuing to commit genocide and crimes against humanity against Uyghurs and other Muslim minorities in its western Xinjiang province, U.S. Secretary of State Antony Blinken said in a report published on Monday, ahead of his planned visit to China this week. The State Department’s annual human rights report, which documents abuses recorded all over the world during the previous calendar year, repeated language from previous years on the treatment of Muslims in Xinjiang, but the publication raises the issue ahead of delicate talks, including on the war in Ukraine and global trade, between the top U.S. diplomat and Chinese
RIVER TRAGEDY: Local fishers and residents helped rescue people after the vessel capsized, while motorbike taxis evacuated some of the injured At least 58 people going to a funeral died after their overloaded river boat capsized in the Central African Republic’s (CAR) capital, Bangui, the head of civil protection said on Saturday. “We were able to extract 58 lifeless bodies,” Thomas Djimasse told Radio Guira. “We don’t know the total number of people who are underwater. According to witnesses and videos on social media, the wooden boat was carrying more than 300 people — some standing and others perched on wooden structures — when it sank on the Mpoko River on Friday. The vessel was heading to the funeral of a village chief in