V3.co.uk, 24 Feb 2011
The Night Dragon hacking attacks uncovered by security vendor McAfee were targeted at some of the world’s largest petrochemical companies, including Shell, Exxon Mobil and BP, according to new reports.
A Bloomberg report citing “one of the companies and investigators who declined to be identified” said that the list of targeted companies also included Marathon Oil, ConocoPhillips and Baker Hughes.
Legal and financial information on the companies’ deals appear to have been the main targets for the hackers, the report added.
The revelations cast new doubt on the state of information security systems in large global companies.
The Night Dragon attacks, which could date back as far as four years, originated in China, according to McAfee.
The attacks used methodical but far from sophisticated hacking techniques, including SQL injection, password hacking and remote access Trojans, according to McAfee’s European director of security strategy, Greg Day.
“Why is it only now coming to light? Well, the environments and security controls these days are so complex it is very easy for them to slip under the radar of visibility,” he said at the time.
“Only really in the last few weeks have we been able to get enough intelligence together to join the dots up, so our goal now is to make the public aware.”
Companies suspecting that they may have been targeted are urged to look through anti-virus and network traffic logs to see whether systems have been compromised.