Five oil and gas companies attacked by hackers: McAfee

The networks of at least five oil and gas companies have been attacked by hackers for years, says a report by McAfee.

The study says the "Night Dragon attacks" are a series of co-ordinated and targeted attempts to hack the networks of at least 12 multinational oil, energy and petrochemical companies that began in November 2009. McAfee has said that five companies had confirmed the attacks.

It added that the hackers also attacked "individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information." However, the main targets were documents about oil exploration and bidding contracts, said the report.

McAfee said the stolen data would be worth a huge amount of money to competitors.

McAfee director of security strategy Greg Day said that though the attacks were not sophisticated, they were effective.

A White Paper released by McAfee said the attacks began with a SQL-injection technique, which compromised external web servers. Common hacking tools were then used to access intranets, giving attackers access to internal servers and desktops. Usernames and passwords were then harvested and after disabling Internet Explorer proxy settings, hackers were able to establish direct communication from infected machines to the Internet.

Day has said that investigations are not conclusive whether the Night Dragon attacks were state-sponsored.

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up