There has been an “active series” of cyber attacks on natural gas pipeline companies’ computer networks over the past four months, according to the Department of Homeland Security (DHS).
The DHS said “the spear-phishers” (defined as attempting to gain unauthorized access to confidential data), who were first detected in March, have targeted a small, select group of employees at U.S. gas companies. DHS officials acknowledged they are working with the FBI and other federal agencies as well as pipelines to find out who may be behind the intrusions and malicious e-mails.
The FBI declined to comment on the case when contacted by ABC News.
According to U.S. officials, it’s unclear if a foreign power is trying to map the gas systems or if hackers are attempting to harm the pipelines. A previous attack on the oil and gas sector seemed to originate in China.
The hackers are using the spear-phishing technique, according to the DHS, in hopes of stealing passwords and gaining access to the pipelines’ control systems. Spear-phishers send targeted e-mails to specific individuals that seem to come from friends or associates, and when opened, attachments or links in the e-mails release malware into the victim’s computer.
“DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats,” DHS spokesman Peter Boogaard told Natural Gas Intelligence.
He said ICS-CERT has held several classified briefings across the country with pipeline owners and operators to share information related to the cyber attacks.
Various sources have provided information to the Homeland Security’s ICS-CERT unit, which investigates threats to public infrastructure, “describing targeted attempts and intrusions into multiple natural gas pipeline sector organizations,” said the ICS-CERT “Monthly Monitor” report.
“Analysis of the malware [malicious software] and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign. The campaign appears to have started in late December 2011 and is active today. Analysis shows that these spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition, the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization,” the ICS-CERT report said.
ICS-CERT said it has been working with critical infrastructure owners and operators in the oil and gas sector since March to address the series of cyber intrusions targeting pipeline companies.
The oil and gas sector has been targeted before. In February 2011 the computer security firm McAfee discovered a computer intrusion labeled “Night Dragon” that was traced to China. As part of that attack, individuals tried to obtain sensitive data and financial documents from the oil and gas companies about bids and future drilling exploration projects.
In Washington, Don Santa, president and CEO of the Interstate Natural Gas Association of America, released the following statement in response to the report:
“INGAA and its members take all security issues, including cyber security, very seriously. We have a good, long-standing working relationship with DHS and its agencies. We are working to reinforce to our members the importance of being vigilant against potential cyber threats.
“To our knowledge, the ‘cyber intrusions’ reported to DHS have had no impact on deliveries or the safety of the pipeline system.
“As ICS-CERT said in its article, this particular cyber campaign was brought to its attention by private-sector company reports, demonstrating that existing government-industry collaborative protocols work. The industry will continue to work with the government to ensure the effectiveness of our system protections.”