Russia attacks U.S. oil and gas companies in massive hack

Posted at 6:12 PM, Jul 02, 2014
and last updated 2014-07-03 13:51:23-04

NEW YORK (CNNMoney) — The Cold War didn’t end in the 1990’s. It simply moved online.

That much is clear after a security firm reported this week that Russian hackers have launched unprecedented, highly-sophisticated attacks on Western oil and gas companies.

The cyber operation nicknamed Energetic Bear is the latest example of an ongoing battle between all-seeing American and British cyber spies on one side — and intellectual-property-stealing hackers in China and Russia on the other.

The report by Symantec described how hackers have sneaked malware into computers at power plants, energy grid operators, gas pipeline companies and industrial equipment makers. Most of the targets were in the United States and Spain. The rest were across Europe.

The malware was used to steal documents, usernames and passwords. In the best-case scenario, the hackers only took valuable and sensitive information. At worst, they gained the ability to hijack controls — and even sabotage the nation’s energy supply.

Another security company, Crowdstrike, first spotted the Energetic Bear operation in 2012. Crowdstrike thinks the hackers at Energetic Bear work for — or alongside — Russian government intelligence services at the behest of state-owned gas enterprises, including Gazpro and Rosneft.

Neither the Russian embassy, nor those energy companies, responded to requests for comment.

Why should you care? If a nation breaks into Exxon-Mobil or BP and figures out where they’ve discovered vast oil or natural gas reserves, it could beat them to the punch and start drilling first. If it steals blueprints to the power grid or key pipelines, it could disable them to cause economic chaos — or shut it down during a war.

“The Russians are engaged in aggressive economic and political espionage,” Crowdstrike co-founder Dmitri Alperovitch said.

Security researchers said Energetic Bear is notable for its military precision and planning.

And Energetic Bear hackers aren’t limited to attacking the energy sector. Their malware has also been spotted inside the networks of European and U.S. defense contractors and health care providers, as well as manufacturers, construction companies and universities doing research in the field of nuclear energy.

“We haven’t seen anything at this scale with industrial control systems,” said Kevin Haley, Symantec’s director of security.