WASHINGTON Feb 10 Hackers working in China
broke into the computer systems of five multinational oil and
gas companies to steal bidding plans and other critical
proprietary information, the computer security firm McAfee Inc
MFE.N said in a new report.
The report, which named the attacks Night Dragon, declined
to identify the five known companies that had been hacked and
said that another seven or so had also been broken into but
could not be identified.
"It ... speaks to quite a sad state of our critical
infrastructure security. These were not sophisticated attacks
... yet they were very successful in achieving their goals,"
said Dmitri Alperovitch, McAfee's vice president for threat
The hackers got into the computers in one of two ways,
either through their public websites or through infected emails
sent to company executives.
During the at least two years -- and up to four years --
the hackers had access to the computer networks, they focused
on financial documents related to oil and gas field exploration
and bidding contracts, said Alperovitch.
They also copied proprietary industrial processes.
"That information is tremendously sensitive and would be
worth a huge amount of money to competitors," said
The hack was traced back to China via a server leasing
company in Shandong Province that hosted the malware, another
term for malicious software, and to Beijing IP addresses that
were active from 9 a.m. to 5 p.m. Beijing time.
McAfee's report did not identify who was behind the
"We have no evidence that this is government sponsored in
any way," said Alperovitch.
McAfee provided the data to the Federal Bureau of
Investigation, which did not respond to requests for comment.
"This is normal business practice in China. It's not always
state sponsored. And they do it to each other," said Jim Lewis,
a cyber expert with the Center for Strategic and International
Studies think tank.
Asked if Beijing normally agreed to arrest hackers, Lewis
responded: "It's not impossible, but it hasn't happened very
Western governments and companies have long been concerned
about corporate espionage based in China.
"We are aware of these types of threats, but we can't
comment specifically about what's in the Night Dragon report,"
said FBI spokeswoman Jenny Shearer.
Washington believes that hacking attacks on Google Inc
(GOOG.O) that briefly prompted the company to pull out of China
were orchestrated by two members of the country's ruling body,
according to U.S. diplomatic cables released by Wikileaks.
The French government is looking into a possible Chinese
role in spying on carmaker Renault SA's (RENA.PA) and Nissan's
electric vehicle program.
In 2007, a Chinese student working at car parts maker Valeo
[VALNTB.UL] was sentenced to prison for obtaining confidential
documents from the automaker. A French tribunal stopped short
of an industrial espionage verdict, instead finding that she
had "abused trust."
(Editing by Andre Grenon)