DHS: Hackers Mounting Organized Cyber Attack on U.S. Gas Pipelines
Government warns gas companies of 'spear-phishing' attack.
May 8, 2012 -- For the past six months, an unidentified group of hackers has been mounting an ongoing, coordinated cyber attack on the control systems of U.S. gas pipelines, prompting the Department of Homeland Security to issue alerts.
According to U.S. officials, it's unclear if a foreign power is trying to map the gas systems or if hackers are attempting to harm the pipelines. A previous attack on the oil and gas sector seemed to originate in China.
The hackers are using a technique called "spear-phishing," according to the DHS, in hopes of stealing passwords and gaining access to the pipelines' control systems. Spear-phishers send targeted emails to specific individuals that seem to come from friends or associates, and when opened, attachments or links in the emails release malware into the victim's computer.
"Various sources provided information to the Industrial Control Systems Cyber Emergency Response Team," stated the DHS in a recent newsletter, "describing targeted attempts and intrusions into multiple natural gas pipeline sector organizations. Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign with spear-phishing activity dating back to as early as December 2011."
According to the DHS, the spear-phishers, who were first detected in March, have targeted a small, select group of employees at U.S. gas companies.
DHS officials and a spokesman have acknowledged they are working with the FBI to find out who may be behind the intrusions and malicious emails.
"The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies," DHS spokesman Peter Boogaard said in a statement. "DHS is coordinating with the FBI and appropriate federal agencies, and DHS's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats."
Boogaard said ICS-CERT has been working with "critical infrastructure owners" in the oil and gas industry since March 2012 to combat the cyber attacks. According to Homeland Security officials, in recent weeks ICS-CERT has held several classified briefings with oil and gas sector companies and organizations to share information about the intrusions.
The oil and gas sector has been targeted before. In February 2011 the computer security firm McAfee discovered a computer intrusion labeled "Night Dragon" that was traced to China. As part of that attack, individuals tried to obtain sensitive data and financial documents from the oil and gas companies about bids and future drilling exploration projects.
The FBI declined to comment on the case when contacted by ABC News.