Over the last two years (and perhaps as long as four), hackers probably based in China have been targeting several huge multinational energy companies and using long-established techniques to extract information. That’s according to the computer security firm McAfee, which helped some of the companies fight back against the ongoing wave of attacks it has dubbed “Night Dragon.”
“We have confirmed that five companies have been attacked,” said Dmitri Alperovitch, McAfee’s vice president for threat research. He said he suspected that at least a dozen companies might have been affected by the team of computer hackers seemingly based in Beijing and who appeared to work during standard business hours there. “These people seemed to be more like company worker bees rather than free-spirited computer hackers,” he said. “These attacks were bold, even brazen, and they left behind a trail of evidence.” [The New York Times]
In a blog post about the attacks, McAfee CTO George Kurtz notes that the hackers took advantage of techniques that have been around for more than a decade. In fact, he says, their simplicity helped them to evade security software.
During the last two years — and up to four years — the hackers had access to the computer networks, focusing on financial documents related to oil and gas field exploration and bidding contracts, said Alperovitch. They also copied proprietary industrial processes. “That information is tremendously sensitive and would be worth a huge amount of money to competitors,” said Alperovitch. [Reuters]
As with the attacks against Google last year, the question about China-based hacks becomes: Was this online aggression supported by the Chinese government?
Mr. Alperovitch said it was unclear if the attacks were done with any official sanction. “The facts point to Chinese hacker activity that is organized, so [it is] potentially directed either by the private sector or the public sector. But it’s impossible for me to know for sure which one,” he said. [Wall Street Journal]
What is clear from this attack and others, Kurtz says, is that these teams of hackers may have shifted their goals. From the McAfee post:
More and more, these attacks focus not on using and abusing machines within the organizations being compromised, but rather on the theft of specific data and intellectual property. Focused and efficient define the very essence of today’s attackers. Thus, it is vital that organizations work proactively toward protecting the very lifeblood of many organizations: their intellectual property.