INSIGHT: Extended cyber attacks on chemical firms a clear warning

01 November 2011 15:59  [Source: ICIS news]

LONDON (ICIS)--An extended period of cyber attacks on 29 chemical companies globally seeking intellectual property is indicative of a broader trend, Symantec said on Tuesday.

Chemical producers and advanced materials makers were subject to the onslaught for a two-and-a-half month period this year.

Individuals in the firms received emails referring either to purportedly agreed business meetings or to IT systems security updates. The emails carried as an attachment a self-extracting executable file, PoisonIvy, that Symantec describes as a “common backdoor Trojan developed by a Chinese speaker”.

“The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage,” the internet security firm says.

Once a computer is infected, attackers can determine the IP address of machines within connected networks, with the aim of gaining access to intellectual property. That information could then be uploaded to their own systems.

US-headquartered Dow Chemical has admitted to the BBC that it was subject to attack around the middle of the year, but does not believe that its operations were compromised.

US-based Symantec has not revealed which companies were subject to the attacks but has given details of their location.

The very nature of the attacks, their source and who might lie behind them focus the cyber security debate within the industry.

Chemical and advanced material companies were subjected to a concerted cyber attack between July and September 2011, Symantec says in its report “The nitro attacks: Stealing secrets from the chemical industry”.

The attackers appear to have sought to collect intellectual property such as design documents, formulas and manufacturing processes, and have a lengthy history of previous action against other organisations and in other sectors. But the attacks on chemical companies stand out because they lasted so long.

The attacks were traced back to a computer system in the US operating as a virtual private server (VPS). It was controlled by a “20-something” male located in the Hebei region of China given the pseudonym Covert Grove by Symantec.

The majority of infected computers were located in the US, Bangladesh and the UK. Over a two-week period, 12 of the companies targeted were headquartered in the US and five in the UK. Two were based in Denmark and one each in Belgium, the Netherlands, Italy, Saudi Arabia and Japan.

“We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role,” Symantec says. “Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties.”

The attackers focused on human rights-related non-governmental organisations (NGOs) from late April until early May this year and the automobile industry in late May, but there was a gap with no activity recorded between June and mid-July. Then the attacks on chemical companies began.

A further 19 companies, mostly in the defence industry, were infected as well but Symantec says that this is probably the minimum number.

And it is the type of companies that is likely to worry industry and security experts.

Fortune 100 chemical and advanced materials companies focused on military vehicles were subject to the attacks. Symantec says that “companies involved in developing manufacturing infrastructure for the chemical and advanced materials industry” were also compromised.

The seriousness of the attacks should not be underestimated.

An international conference in London on Tuesday, which has attracted some big name politicians and industry experts, is seeking to lay the ground for wider international cooperation to target cyber crime.

Experts say that attacks in the UK, for instance, have reached disturbing levels, with major government departments such as the Foreign Office targeted.

Organised crime has moved into cyberspace, exploiting the knowledge and enthusiasm of generally young, keen, mathematically literate individuals. All organisations and companies are exposed as internet usage increases and becomes more readily accessible.

Safety lies in better security systems but particularly in a better understanding by all employees of the security threats and how to avoid them.

By: Nigel Davis
+44 20 8652 3214
