3 Major Oil Companies Fall Victim to Cyber Espionage

2010-01-19

Mark Clayton of The Christian Science Monitor newspaper is reporting that at least three US oil companies were the target of a series of previously undisclosed cyber attacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of internet espionage.

Clayton writes, "The companies - Marathon Oil, Exxon Mobil, and ConocoPhillips - didn't realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas." This data is said to include email passwords, messages, and other information tied to executives with access to proprietary exploration and discovery information.

Ed Skoudis, cofounder of InGuardians, a computer security firm, stated "We've had friends in the petroleum industry express grave concern because they've spent hundreds of millions of dollars finding out where the next big oil discovery will be. The attacker would be saving huge expenses for himself by stealing that data."

The article states that a new type of attack being used involves custom-made spyware that is virtually undetectable by anti-virus and other electronic defenses traditionally used by corporations - posing a serious threat.

While the oil companies involved refused to comment or confirm the attacks, the breaches have been confirmed through a series of investigations during a 5 month period through interviews with dozens of oil industry insiders, cyber security experts, former government officials and documents describing the attacks. To read the complete article, please visit The Christian Science Monitor.