Processing Magazine

United States Oil Industry Hit by Cyber-Attacks

January 28, 2010
The Christian Science Monitor reports at least three U.S. oil companies were the target of a series of previously undisclosed cyber-attacks, and that experts say highlight a new level of sophistication in the growing global war of Internet espionage. The oil and gas industry breaches were focused on valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show. The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. The data included e-mail passwords, messages, and other information tied to executives with access to proprietary exploration and discovery information, the source says. The new type of attack involves custom-made spyware that is virtually undetectable by antivirus and other electronic defenses traditionally used by corporations. Experts say the new cyberburglary tools pose a serious threat to corporate America and the long-term competitiveness of the nation. Some of these attacks are believed to be carried out by foreign governments or their surrogates. Spying on other countries’ defense agencies and diplomatic corps undoubtedly remains a focus of Internet espionage. But cyberspies are increasingly targeting strategically important businesses, both because of the information to be gleaned. Many experts say the theft of this kind of information – about, for instance, the temperature and valve settings of chemical plant processes or the source code of a software company – can give competitors an unauthorized advantage.