BEIJING (AP) - A Chinese man cited by a U.S. security firm as being possibly linked to cyberspying on Western oil companies says his company has rented server space to hundreds of hackers.
The man, Song Zhiyue, is a salesman for a company that rents server space. He said he has heard of Chinese hackers attacking U.S. oil companies but he declined to comment on the case reported Thursday by security firm McAfee Inc.
“Our company alone has a great number of hackers” as customers, Song said in a telephone interview. “I have several hundred of them among all my customers.”
THIS IS A BREAKING NEWS UPDATE. Check back soon for further information. AP’s earlier story is below.
BEIJING (AP) _ Hackers operating from China stole sensitive information from Western oil companies, a U.S. security firm reported Thursday, adding to complaints about pervasive Internet crime traced to the country.
The report by McAfee Inc. did not identify the companies but said the “coordinated, covert and targeted” attacks began in November 2009 and targeted computers of oil and gas companies in the United States, Taiwan, Greece and Kazakhstan. It said the attackers stole information on operations, bidding for oil fields and financing.
“We have identified the tools, techniques, and network activities used in these continuing attacks _ which we have dubbed Night Dragon _ as originating primarily in China,” said the report.
Yet the report did not offer evidence that the attacks were anything other than the standard flavor of corporate espionage that plagues businesses around the world, which the U.S. and China have both accused each other of being deeply involved in.
The fact that oil companies were targeted may speak more to the value of their inside information than any attempt to cause damage to pipelines. McAfee called the attack methods “unsophisticated,” but said the culprits were patient: they may have been inside the networks for years.
“It looked to me like the traditional hack-to-steal-valuable-stuff,” said Josh Shaul, vice president of product management at Application Security Inc., a New York-based database security software maker that wasn’t involved in McAfee’s research. Application Security counts energy companies, including oil firms, among its clients. “It all seemed to me like someone trying to get ahead in the oil industry rather than doing something more nefarious.”
The intruders were prolific in their purloining, snatching files including configurations for the oil companies’ control systems, but Dmitri Alperovitch, vice president of threat research for McAfee, said they didn’t appear to be trying to figure out how to blow up a pipeline or destroy equipment.
“I got a very strong sense that was not their goal,” he said. “They expressed a much stronger interest in financial information.”
Critical infrastructure is increasingly a hacking target as its technology is brought into the Internet age.
An attack might be as simple as getting a low-level employee to open a malicious e-mail link. Or, it might involve exploiting well known vulnerabilities in Internet-connected servers, which is how McAfee said the oil companies were attacked. Finding those weaknesses can be dead simple; programs exist that will scan the Internet and automatically issue an alert when vulnerable servers have been found.View Entire Story
By Andrew P. Napolitano
The president's men trash the Constitution to pursue antagonists
Independent voices from the TWT Communities
Opinion, analysis, and musings on politics, pop culture, reinvention, and the resultant flotsam and jetsam floating around the right-of-center quadrant of the Left Coast.
Consummate traveler Todd DeFeo explores the unique stories that make destinations worth going to.
We welcome you to the intimate and personal thoughts on the news and events we, as editors, watch, read, and discuss with our writers every day.
Benghazi: The anatomy of a scandal
Vietnam Memorial adds four names
Cinco de Mayo on the Mall
NRA kicks off annual convention