- Associated Press - Thursday, February 10, 2011

BEIJING (AP) — Hackers operating from China stole sensitive information from Western oil companies, a U.S. security firm reported Thursday, adding to complaints about pervasive Internet crime traced to the country.

The report by McAfee Inc. did not identify the companies but said the “coordinated, covert and targeted” attacks began in November 2009 and targeted computers of oil and gas companies in the United States, Taiwan, Greece and Kazakhstan. It said the attackers stole information on operations, bids for oil fields and financing.

“We have identified the tools, techniques, and network activities used in these continuing attacks — which we have dubbed Night Dragon — as originating primarily in China,” said the report.

Yet the report did not offer evidence that the attacks were anything other than the standard flavor of corporate espionage that plagues businesses around the world, which the United States and China have accused each other of being deeply involved in.

The fact that oil companies were targeted may speak more to the value of their inside information than any attempt to cause damage to pipelines. McAfee called the attack methods “unsophisticated” but said the culprits were patient: They may have been inside the networks for years.

** FILE ** A Chinese flag flutters outside Google's China headquarters in Beijing on Friday, Jan. 22, 2010. Google closed its China-based search engine last year after complaining of cyberattacks from China against its e-mail service. (AP Photo/Ng Han Guan)
** FILE ** A Chinese flag flutters outside Google’s China headquarters in ... more >

Critical infrastructure is increasingly a hacking target as its technology is brought into the Internet age.

An attack might be as simple as getting a low-level employee to open a malicious e-mail link. Or, it might involve exploiting well-known vulnerabilities in Internet-connected servers, which is how McAfee said the oil companies were attacked. Finding those weaknesses can be dead simple: Programs exist that will scan the Internet and automatically issue an alert when vulnerable servers have been found.

Still, money, not terrorism, appears frequently to be the motive, as it is with most computer crime.

A separate report last year from McAfee and the Center for Strategic and International Studies in Washington found that more than half of the 600 operators of power plants and other critical infrastructure surveyed said their networks were infiltrated by sophisticated adversaries. Extortion was identified as a common motivation. Oil companies were among the most frequently targeted.

Security consultants say China is a leading center for Internet crime, including industrial spying aimed at major companies. Consultants say the high skill level of earlier attacks suggests China’s military, a leader in cyberwarfare research, or other government agencies might be stealing technology and trade secrets to help state companies.

For instance, Google Inc. closed its China-based search engine last year after complaining of cyberattacks from China against its e-mail service.

The Chinese government has denied it is involved.

Officials in the United States, Germany and Britain say hackers linked to China’s military have broken into government and defense systems. Attacks on commercial systems receive less attention because companies rarely come forward, possibly for fear it might erode trust in their businesses.

Spokesmen from several American, British and Greek oil companies said either that they were unaware of the hacking or that they could not comment on security matters.

McAfee, based in Santa Clara, Calif., said the hackers worked through servers in the United States and the Netherlands and used techniques that included taking advantage of vulnerabilities in the Microsoft Windows operating system.

Story Continues →