Cyber attack targets gas pipeline companies
May 8th, 2012
01:50 AM ET

Cyber attack targets gas pipeline companies

by Suzanne Kelly

A series of natural gas pipeline sector companies are being targeted by a cyber attack that appears to have been launched in December, according to a notice from the Department of Homeland Security.

The threat was disclosed in a monthly note published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a DHS division devoted to cybersecurity.

"DHS’s Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies," said DHS spokesman Peter Boogaard.

“The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies," Boogaard said.

According to the ICS-CERT memo, "Analysis shows that the spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition, the emails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization."

Spear-phishing attacks are efforts to get employees to click on e-mail attachments.

Some attackers have become so sophisticated in their efforts that they research known employees on Internet social sites and then craft an e-mail that appears to come from someone who is known to the intended target.

Once the target clicks on the e-mail, malicious material can easily be uploaded, or systems monitored, often without the person ever knowing about it.

In this case, government investigators have been able to identify the nature of the attacks, but not necessarily the exact size or scope yet.

"DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats," Boogaard said.

The cyber attack appears to have been reported by the private sector companies that would have had access to the information, namely, those under attack.

The self reporting of such attacks has been at the heart of cyber legislation debates on the Hill as lawmakers struggle to find more effective ways to convince private sector companies to not only report, but then to allow the government access to its databases so that it can better understand the source and intention of the attacker or attackers.

In this case, according to the memo, ICS-CERT has not only been able to analyze the data, but it has also gained a prime position from which to monitor the malicious activity - something that generally leads investigators back to not only the source of the attack, but can also allow them to glean clues about the intention and sophistication of the attacker.

Sometimes in cyberspace, it’s what you don’t know that creates the most anxiety. ICS-CERT hasn’t yet said whether it knows what the cyber attackers were hoping to do.

soundoff (32 Responses)
  1. For Testing

    hi http://fortesting.com.au

    February 10, 2014 at 4:12 am | Reply
  2. For Testing

    hi http://fortesting.com.au

    February 10, 2014 at 4:11 am | Reply
  3. Requirement of workers on large scale

    Cyber attack is a common problem which has become highly prominent everywhere. It’s not a good thing that cyber is attacking gas pipeline companies through email scams. http://onetcodeconnection.net/

    January 27, 2014 at 12:47 am | Reply
  4. Jackson Shaw

    I think the interesting aspect of the story is how the basis for the attack is e-mails that look like they come from co-workers and may very well include relevant personal details.

    Generally speaking I sure hope that people aren’t blindly opening attachments just because an e-mail appears to come from someone they know. Everyone does realize that it is possible to fake an e-mail’s from address, right?

    Read the rest here:http://jacksonshaw.blogspot.com/

    May 9, 2012 at 1:10 pm | Reply
  5. UncleSam

    The Department of Homeland Security should change their name to the Department of Homemade Paranoia...
    All they do is take small issues and blow them waaay out of proportion and scare the crap out of Americans.
    Reading the other comments on here, you can see that everyone seems to believe that it's some sort of Terrorist Attack or a giant Conspiracy.
    I've worked in the Control System industry for years and this is nothing new...yet now, it seems to be a 'Terrorist Attack'.
    Cyber Security is a business...don't confuse it with your Safety. ICS-CERT posts a report and the companies then need to spend millions of dollars updating their systems.

    May 9, 2012 at 11:41 am | Reply
  6. EkChuah

    Most of you seem to believe attacks like this originate in the USA or somewhere else where justice could be dealt out. There are more than one of the less friendly nations that have university level schools teaching their "students" how to do these (and worse) attacks. They've been going on for at least ten years. I would suggest you get a copy of Clarke's book "Cyber War" and read it. If you still aren't concerned after reading it, go back to sleep!

    May 8, 2012 at 5:08 pm | Reply
  7. 2012marandalaw

    Someone's hiding something.As Usual.Cyber Attacks are serious,Very serious.If they don't want answers..Then they are hiding something.

    May 8, 2012 at 1:24 pm | Reply
  8. Omen

    What took you so long hackers? Bout time. Lower it to $2.

    May 8, 2012 at 10:20 am | Reply
  9. NN

    Probably a disgruntled employee...

    May 8, 2012 at 9:22 am | Reply
    • tpbco

      Probably not. These are simply Anti-American terrorists with deluded images of self importance.

      May 8, 2012 at 10:01 am | Reply
      • :)

        Being anti-American doesn't necessarily make one delusional.

        May 8, 2012 at 12:47 pm |
  10. ger republikins

    wii don ned ner cumputrs. da dam demokrats invunted da cumputr ser terorizst kin atak dem. da dam demokrats unly wunt 2 raz taxiz n tayk awey r gunz n stuf. wii don ned taxiz fer skools neder. pepl kin bii hom skoold lyk mii. mi dady n his siztr (mi mum) teeched mii. i ned 2 git awey frum dis cumputr b4 da demokrats atak mii. ger republikins!!!!!!!!!!

    May 8, 2012 at 9:03 am | Reply
    • Bill Duke

      You are obviously a product of a democrat controlled public school system.

      May 8, 2012 at 10:15 am | Reply
      • ger republikins

        i m a republikin lyk u. doz demokrat skools r a wast uv muny. iv uz republikins cud hav r wey wii cud hav evry 1 hom skoold lyk mii. mi dady n hiz sistr (mi mum) r rely gud teechrs. ger republikins!!!!!!!!!!!!!

        May 8, 2012 at 10:36 am |
  11. michaelfury

    http://michaelfury.wordpress.com/2009/05/11/the-gas-must-flow/

    May 8, 2012 at 8:04 am | Reply
  12. Charlie

    No doubt the work of home grown leftist rebel Eco-terrorist from ELF, Green Peace or the Sierra Club.

    May 8, 2012 at 7:54 am | Reply
    • Andrew

      Dang those leftist eco-terrorists, doing their best to keep greedy men from blatant rape and pillage of the earths natural resources. How dare they!

      May 8, 2012 at 8:49 am | Reply
    • tpbco

      If found and convicted they should be hung from the very trees they hug until the wind whistles through their bones.

      May 8, 2012 at 9:59 am | Reply
    • Al

      I don't believe it would be an Eco-terrorist group. They would have no desire to do anything of this sorts. If you want a better understanding on why protections should be provided to private industry you should read the book Cyber War. Critical infrastructure disruption isn't about making big corporations lose money, its about impacting America as a whole.

      May 8, 2012 at 10:12 am | Reply
  13. ngc1300

    than. than. stoped. lense. ATTACKS IS(?). RECIEVES. SENTANCES. Hoo-boy!

    C

    May 8, 2012 at 7:06 am | Reply
    • mattski

      Everyone makes a typo and you can't edit your comments. That's why spelling police aren't too common here. Everyone understands the meaning of the post.

      May 8, 2012 at 8:49 am | Reply
  14. JimfromBham

    Our energy supply is directly tied to national security. Once we identify the source(s) of this incursion, swift punishment should follow.

    May 8, 2012 at 6:02 am | Reply
  15. "R" HACKERS TERRORIST ?

    YES & NO , WHERE & WHEN DOES A HACKER BECOME A TERRORIST , well if all traffic lights at an intersection were to become GREEN AT THE SAME TIME , and if that could be repeated by a hacker , than that hacker is a terrorist because the end result ends in terror , anything to do with our nation security on any level is to be defended , and if it is attacked by parties of no nation or military than they are terrorist.

    SO since oil and natural gas piplines are part of our national security , screwing with these on any level must be seen for what it is . we have all seen the results of natural gas events on TV and they are not pretty. and oil spills also are a disaster , and the supply is stoped when things like this occur , so I say if idiots are going to play with our bridges like the five idiots last week , and we see them as terrorist , well we must see through the same lense and ID idiots that play with our oil and natural gas on any level as terrorist . HANDS OFF & CYBER ATTACKS IS STILL AN ATTACK !

    ITS TIME THAT THESE IDIOTS RECIEVE LIFE SENTANCES FOR SCREWING WITH OUR ENERGY RESOURCES

    May 8, 2012 at 4:48 am | Reply
    • :)

      Like the boys at BP?

      May 8, 2012 at 12:52 pm | Reply

Post a comment


 

CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.