- Associated Press - Thursday, February 10, 2011

BEIJING (AP) - A Chinese man cited by a U.S. security firm as being possibly linked to cyberspying on Western oil companies says his company has rented server space to hundreds of hackers.

The man, Song Zhiyue, is a salesman for a company that rents server space. He said he has heard of Chinese hackers attacking U.S. oil companies but he declined to comment on the case reported Thursday by security firm McAfee Inc.

“Our company alone has a great number of hackers” as customers, Song said in a telephone interview. “I have several hundred of them among all my customers.”

McAfee said the hackers stole information from oil and gas companies in the United States, Taiwan, Greece and Kazakhstan.

THIS IS A BREAKING NEWS UPDATE. Check back soon for further information. AP’s earlier story is below.

BEIJING (AP) _ Hackers operating from China stole sensitive information from Western oil companies, a U.S. security firm reported Thursday, adding to complaints about pervasive Internet crime traced to the country.

The report by McAfee Inc. did not identify the companies but said the “coordinated, covert and targeted” attacks began in November 2009 and targeted computers of oil and gas companies in the United States, Taiwan, Greece and Kazakhstan. It said the attackers stole information on operations, bidding for oil fields and financing.

“We have identified the tools, techniques, and network activities used in these continuing attacks _ which we have dubbed Night Dragon _ as originating primarily in China,” said the report.

Yet the report did not offer evidence that the attacks were anything other than the standard flavor of corporate espionage that plagues businesses around the world, which the U.S. and China have both accused each other of being deeply involved in.

The fact that oil companies were targeted may speak more to the value of their inside information than any attempt to cause damage to pipelines. McAfee called the attack methods “unsophisticated,” but said the culprits were patient: they may have been inside the networks for years.

“It looked to me like the traditional hack-to-steal-valuable-stuff,” said Josh Shaul, vice president of product management at Application Security Inc., a New York-based database security software maker that wasn’t involved in McAfee’s research. Application Security counts energy companies, including oil firms, among its clients. “It all seemed to me like someone trying to get ahead in the oil industry rather than doing something more nefarious.”

The intruders were prolific in their purloining, snatching files including configurations for the oil companies’ control systems, but Dmitri Alperovitch, vice president of threat research for McAfee, said they didn’t appear to be trying to figure out how to blow up a pipeline or destroy equipment.

“I got a very strong sense that was not their goal,” he said. “They expressed a much stronger interest in financial information.”

Critical infrastructure is increasingly a hacking target as its technology is brought into the Internet age.

An attack might be as simple as getting a low-level employee to open a malicious e-mail link. Or, it might involve exploiting well known vulnerabilities in Internet-connected servers, which is how McAfee said the oil companies were attacked. Finding those weaknesses can be dead simple; programs exist that will scan the Internet and automatically issue an alert when vulnerable servers have been found.

Story Continues →