Industrial spies from the web: A U.S. company for IT security, according to five major oil and gas companies to the victims of targeted hacker attacks have become their infrastructure. The cyber-thieves stole valuable company internals. And obviously they were operating from China.The thieves on the net used to keep regular office hours.
Clock in the morning between nine and five clock afternoon - Beijing time - were made to hack attacks on computer systems of international oil companies always. It says so in the report (PDF), by the renowned U.S. security company McAfee published now. Which companies are specifically affected, said McAfee's not.
"Since November 2009, covert and targeted cyber attacks on global oil, energy and petrochemical companies carried out," says the paper. A whole range of different techniques of attack had come to use: social engineering, ie the attempt to sneak to the trust of employees with specific access rights, is as been used as hack attacks, which targeted a known vulnerability in Microsoft Windows operating systems .
In addition, a number of other techniques have been used, such as those aimed at vulnerabilities in systems for remote maintenance of computer systems. The perpetrators were apparently looking for very specific, economically relevant materials. Thus provide information on project financing, bidding for contracts and licensing negotiations in defining new gas and oil fields had been stolen.
Such information would be "invaluable for competitors," said a McAfee manager. "No evidence of government contract" You have assigned the attackers the project name "Night Dragon". The attacks were made "primarily from China." One of the suspects were able to identify you by name - if it were a Chinese citizen from eastern Chinese city of Heze in Shandong Province, on whose server the computers of the affected companies were controlled.
The attacks were directed from servers in the U.S. and the Netherlands. The events throws a dim light on "the sad state of the security of our critical infrastructure," said Dmitri Alperovitch McAfee manager. The attacks were "not very sophisticated," was, but "very successful in achieving their goals." You got no proof that was traded here in the government order, "says Alperovitch.
So whether it is to spy in the service of Beijing to Datensammelei on behalf of competitors or to professional theft with the hope of affluent prospects is unclear. That any such information with money is available, however, clear. Daily from 9 am to 17 clock clock in the evening Beijing time had the information been available, said McAfee.
This tends to suggest that the men went about a fixed job and no freelance or amateur hackers are. They had entered as a rule either on the public websites of the respective companies in the computer systems, or deception through infected e-mails which were sent to managers. The U.S. Federal Bureau of Investigation would not comment on the "Night Dragon" report to Reuters.
It is known that such threats exist, the specific case, but one can not express themselves. The Chinese government itself was on Thursday relate to the allegations is no direct position. A Foreign Ministry spokesman told reporters: "I know absolutely nothing about this situation, but we often hear of such reports." In fact, there are always reports of hacker attacks from China.
Google entered last year, its search engine in China - as the reason were in the group that there had been hacked the personal e-mail system. Also in European and U.S. companies you are used to test the digital industrial espionage now.
Clock in the morning between nine and five clock afternoon - Beijing time - were made to hack attacks on computer systems of international oil companies always. It says so in the report (PDF), by the renowned U.S. security company McAfee published now. Which companies are specifically affected, said McAfee's not.
"Since November 2009, covert and targeted cyber attacks on global oil, energy and petrochemical companies carried out," says the paper. A whole range of different techniques of attack had come to use: social engineering, ie the attempt to sneak to the trust of employees with specific access rights, is as been used as hack attacks, which targeted a known vulnerability in Microsoft Windows operating systems .
In addition, a number of other techniques have been used, such as those aimed at vulnerabilities in systems for remote maintenance of computer systems. The perpetrators were apparently looking for very specific, economically relevant materials. Thus provide information on project financing, bidding for contracts and licensing negotiations in defining new gas and oil fields had been stolen.
Such information would be "invaluable for competitors," said a McAfee manager. "No evidence of government contract" You have assigned the attackers the project name "Night Dragon". The attacks were made "primarily from China." One of the suspects were able to identify you by name - if it were a Chinese citizen from eastern Chinese city of Heze in Shandong Province, on whose server the computers of the affected companies were controlled.
The attacks were directed from servers in the U.S. and the Netherlands. The events throws a dim light on "the sad state of the security of our critical infrastructure," said Dmitri Alperovitch McAfee manager. The attacks were "not very sophisticated," was, but "very successful in achieving their goals." You got no proof that was traded here in the government order, "says Alperovitch.
So whether it is to spy in the service of Beijing to Datensammelei on behalf of competitors or to professional theft with the hope of affluent prospects is unclear. That any such information with money is available, however, clear. Daily from 9 am to 17 clock clock in the evening Beijing time had the information been available, said McAfee.
This tends to suggest that the men went about a fixed job and no freelance or amateur hackers are. They had entered as a rule either on the public websites of the respective companies in the computer systems, or deception through infected e-mails which were sent to managers. The U.S. Federal Bureau of Investigation would not comment on the "Night Dragon" report to Reuters.
It is known that such threats exist, the specific case, but one can not express themselves. The Chinese government itself was on Thursday relate to the allegations is no direct position. A Foreign Ministry spokesman told reporters: "I know absolutely nothing about this situation, but we often hear of such reports." In fact, there are always reports of hacker attacks from China.
Google entered last year, its search engine in China - as the reason were in the group that there had been hacked the personal e-mail system. Also in European and U.S. companies you are used to test the digital industrial espionage now.
- Oil Firms Hit by Hackers From China, Report Says [Voices] (10/02/2011)
- imabonehead: Chinese hackers infiltrate five energy firms: study - Yahoo! News (10/02/2011)
- Report: Oil Firms Hit by Hackers (10/02/2011)
- Noble Peace Prize Website Attacked By Hackers, Possibly From China (12/11/2010)
- Misleading foreign media - Bill Dodson (10/02/2011)
No comments:
Post a Comment