Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Chinese Hackers Break into Oil Company Networks

February 22, 2011

You could follow the words "Chinese hackers break into" with almost anything – government agencies, the military, corporations, law firms, etc. and you'd be right.

Nonetheless, it remains disconcerting that we see these stories so often. This particular story was reported by SC Magazine and referenced a report from McAfee Labs. McAfee dubbed the intrusions "Night Dragon," which amused me because the report takes pains to say that all the data exfiltration from Beijing-based IP addresses occurred on weekdays from 9-5 Beijing time, suggesting that the perpetrators were working professionals rather than rogue or casual hackers.

While there was no evidence that the intrusions were state-sponsored, I think most experts believe that state-sponsored hacks are an everyday fact of life in China. In this case, the attacks began in November of 2009, seeking proprietary information about oil and gas field bids and operations. Targeted computers were in the U.S., Taiwan, the Netherlands, Greece and Kazakhstan. There may still be oil companies who have yet to discover that their data has been compromised.

Though none of the companies were disclosed by name, there appear to be 5-12 that were victims.

The hacks did not seem especially sophisticated. SQL injection attacks on public-facing web servers gave the hackers system-level access and remote command execution. After that, readily available tools were uploaded to the compromised servers, giving the hackers a foothold on the companies' internal networks.

Password cracking tools helped them obtain usernames and passwords, permitting the hackers ever-deeper access to desktops and servers containing sensitive information. The hackers disabled Internet Explorer proxy settings so the infected machines could communicate directly with the Internet, bypassing the corporate proxy. Remote administration tools then permitted the hackers to connect to the computers of company executives to gain access to e-mail and sensitive documents.
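The proxy-disabling step is one of the few concrete host artifacts the post describes, so here is an added detection example (mine, not from the post or the McAfee report): it parses constructed Sysmon-style registry "value set" events and flags any process outside an allowlist that writes ProxyEnable=0 under the user's Internet Settings key. The field names follow Sysmon's Event ID 13 schema; the log lines, the S-1-5-21-1 SID and the allowlist are constructed assumptions.

```python
"""Flag registry writes that disable the per-user IE/WinINET proxy.

Added example. Scans Sysmon-style "RegistryEvent (Value Set)" records
(Event ID 13) for ProxyEnable=0 under Internet Settings written by a
process that is not expected to touch that key.
"""
import re
from typing import Dict, List

# Constructed sample events (not real logs); the Temp\svchost.exe write is the one to catch.
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable Details=DWORD (0x00000001)",
    r"EventID=13 Image=C:\Users\exec\AppData\Local\Temp\svchost.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable Details=DWORD (0x00000000)",
    r"EventID=13 Image=C:\Windows\System32\svchost.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer Details=proxy.corp.example:8080",
    r"EventID=1 Image=C:\Windows\System32\cmd.exe CommandLine=cmd.exe /c whoami",
]

# Processes that legitimately toggle the proxy via the Internet Options UI (assumption: tune per environment).
EXPECTED_WRITERS = {r"c:\windows\explorer.exe", r"c:\windows\system32\rundll32.exe"}

FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")       # Key=Value pairs; values may contain spaces
PROXY_KEY_RE = re.compile(r"\\Internet Settings\\ProxyEnable$", re.IGNORECASE)
DWORD_RE = re.compile(r"0x([0-9a-fA-F]+)")


def parse_event(line: str) -> Dict[str, str]:
    """Split a 'Key=Value Key=Value' record into a dict."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def proxy_disabled(ev: Dict[str, str]) -> bool:
    """True when the event writes ProxyEnable=0 under Internet Settings."""
    if ev.get("EventID") != "13" or not PROXY_KEY_RE.search(ev.get("TargetObject", "")):
        return False
    m = DWORD_RE.search(ev.get("Details", ""))
    return bool(m) and int(m.group(1), 16) == 0


def find_proxy_bypass(lines: List[str]) -> List[Dict[str, str]]:
    """Return events where an unexpected process disabled the user's proxy."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if proxy_disabled(ev) and ev.get("Image", "").lower() not in EXPECTED_WRITERS:
            hits.append({"image": ev["Image"], "key": ev["TargetObject"]})
    return hits


if __name__ == "__main__":
    for hit in find_proxy_bypass(SAMPLE_EVENTS):
        print(f"ALERT: proxy disabled by {hit['image']} ({hit['key']})")
```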

It's an old refrain, but if these attacks are not state-of-the-art, then why is the security so poor? Certainly one would think that oil companies would have sophisticated defense-in-depth strategies in place. Apparently not so.
