Since November 2009, several oil and petrochemical companies have been targets of cyber attacks designed to steal technological secrets and sensitive information "on oil and gas fields." Revealed Thursday by the American Society of McAfee Security, "Operation Dragon Night" was unearthed last week.
"At first we thought it was isolated attacks.It took us a while to understand that this was a major operation coordinated, "says FRANCE 24 Greg Day, security expert at McAfee networks, which refuses to reveal the identity of victims.
These cyber attacks have been carried out by the same procedure. Cyber criminals managed to penetrate the computer systems of enterprises and small leave a malware that allowed them to return incognito thereafter (as a "Trojan horse") to take control of some of servers, where they went fishing for information.McAfee claims that trade secrets were actually stolen, but the major oil companies concerned do not wish to comment on these revelations.
Ambitious operation
Each time, criminals have used the same software to commit their crimes. "The attacks were not particularly complex. Attackers used small pieces of software that can easily be found on the black market on the Internet," said Greg Day.A lack of sophistication which first suggest that amateur hackers - or almost - were behind the attacks.
In retrospect, however, McAfee discovered that the operation was far more ambitious, comparable to the January 2010 attacks against Google in China and the Iranian nuclear contamination by the worm Stuxnet last summer.
This is not the first time, McAfee said, that oil companies are victims of computer attacks. "With financial markets is one of the most targeted by hackers," admits Greg Day. But generally, they seek information on oil production in order to anticipate the course of energy markets.This time, however, the reasons seem different and it seems to be espionage.
A Chinese man identified
To conduct the investigation, the FBI did not start from zero. In his report, McAfee alluded to a possible Chinese origin of the attack. The software has been used by hackers are indeed very popular on Chinese websites that specialize in computer security, one of the passwords used to activate one of them contained the word "China" and theft data were made during business hours, Beijing.
Most importantly, the security company was able to climb a trail to a specific individual.This is a Chinese song named Zhivue, praising the relay computers used to conduct attacks. "But it is only an intermediary in this story," said Greg Day.
The head of "Night Dragon" remains yet to be identified. This is also what led McAfee to make the story public. "It is also quite possible that the operation has affected businesses that are unaware and continues to do damage," says Greg Day.
