Are Houston oil companies, NASA vulnerable to attacks by cyber-spies?


by Dave Fehling / 11 News

Posted on March 5, 2010 at 9:54 AM

HOUSTON—Marathon Oil said it cannot comment on reports that its computers were hacked in past years by spies that may have been working for foreign governments.

What’s more, Marathon is just one of several big companies and government installations in Houston that have reportedly been victims of cyber-espionage.

"This is not about using computers to blow up refineries," said Chris Bronk who researches cyber-security at Rice University’s Baker Institute. "This is very real, it happens all the time."

The threats involve attacking computers, but not to create havoc.

"It’s very carefully crafted not to interrupt things," according to Art Conklin at the University of Houston Center for Information Security. "Because it truly is spying."

The spying may have led to the theft of many megabytes of secret information from Houston oil companies and from the Johnson Space Center.

"This is nothing new from a criminal perspective. What makes it new and interesting is wow, they can do it with the Internet," said Conklin.

Though rarely revealed publically, two major incidents have surfaced in Houston.

One involved the theft of huge amounts of data from computers at the Johnson Space Center in 2005.

In 2008, BusinessWeek revealed the attack, reporting that spies gained access through the Internet.

The magazine said NASA was particularly vulnerable, because so many of its outside contractors access its computers over the Web.

Then, in January, another case came to light involving three oil companies: ExxonMobil, ConocoPhillips and Marathon.

It was at Marathon’s Houston headquarters in 2008 that a high-level executive discovered the attack, according to sources and documents cited by the Christian Science Monitor.

According to the newspaper, the executive noticed a reply to an e-mail.

The problem was, she hadn’t sent the original e-mail.

"(The spy is) mimicking real e-mail. It’s called a spear-phishing type of attack," said Conklin. "(It) works like all other viruses and malware. Once you click on the e-mail and do anything, it’s affecting your machine."

Conklin said the goal is to implant a program that will continually retrieve data that you’re handling and send it back to the spy.

And you’ll never know it.

"These are targeted to specific firms, specific machines, specific people, so your antivirus things won’t pick them up," Conklin said.

So just who is behind these cyber-attacks?

In both the NASA and oil company cases, the reports pointed a finger at China.

Though strongly denied by Chinese diplomats in Washington, the United States government alleges China is likely "conducting a long-term, sophisticated, computer network exploitation campaign" against the U.S. government and industry, according to a 2009 report to the U.S.-China Economic and Security Review Commission.

Bronk said while he has seen no definitive proof China is behind the alleged attacks on the Houston oil companies, he offered this insight:

"If this is China, you have to look at the ties to their oil and gas companies. They’re part of the government---they’re state-owned companies---and their intelligence infrastructure."

China desperately needs oil to fuel its own growth and knowing where Houston companies are finding it would be valuable information.

And when it comes to space, the Chinese have a growing need for technical know-how as they ramp up their own space station and lunar missions.

The Chinese operate a large consulate in Houston, but a liaison there did not respond to a request for a response.

Whoever is behind them, the cyber-attacks show that spies no longer have to even get up from their keyboards to infiltrate Houston’s leading industries.