DHS & FBI Investigate Cyber Attacks on NatGas Pipelines

According to an article published by Natural Gas Intelligence (NGI), the Department of Homeland Security (DHS) and FBI are investigating a series of ongoing cyber attacks against the computer networks of major natural gas pipelines in the U.S. The attackers use “spear-phishing” techniques, which use Facebook and other public sources of information to gather details about employees to send emails from alleged coworkers in order to trick them into revealing information or clicking on infected links.

From NGI:

There has been an "active series" of cyber attacks on natural gas pipeline companies’ computer networks over the past four months, according to the Department of Homeland Security (DHS). The department said it is working with the FBI and other federal agencies, as well as pipelines, to bring down the cyber intruders, Natural Gas Intelligence (NGI) reported.

"The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies. DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT [Industrial Control Systems Cyber Emergency Response Team] is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats," DHS spokesman Peter Boogaard told NGI.

He noted that ICS-CERT has held several classified briefings across the country with pipeline owners and operators to share information related to the cyber attacks. Obama administration officials and Senate staff met Monday to discuss the situation.

Various sources have provided information to the Homeland Security’s ICS-CERT unit, which investigates threats to public infrastructure, "describing targeted attempts and intrusions into multiple natural gas pipeline sector organizations," said the ICS-CERT "Monthly Monitor" report in April.

"Analysis of the malware [malicious software] and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign. The campaign appears to have started in late December 2011 and is active today. Analysis shows that these spear-phishing attempts [to gain unauthorized access to confidential data] have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization," the ICS-CERT report said.

ICS-CERT said it has been working with critical infrastructure owners and operators in the oil and gas sector since March to address the series of cyber intrusions targeting pipeline companies.

Additional updates will be issued as new information becomes available, the DHS said.

To read the Natural Gas Intelligence news reports on this and other natural gas events real-time go to intelligencepress.com and sign up for a free trial.

Intelligence Press Inc., is an independent publishing company serving the energy industry since 1981 with real-time news and price survey reports for the natural gas market in its publications: Natural Gas Intelligence, Daily Gas Price Index, Weekly Gas Price Index. Its new publication, NGI’s Shale Daily at //shaledaily.com/ is the first daily publication devoted exclusively to the unfolding shale revolution that is rewriting the energy outlook in North America.*

Note: NGI’s Shale Daily is an advertiser on MDN, one which MDN highly recommends you read!

*Intelligence Press (May 8, 2012) – Homeland Security Investigates Cyber Attacks on Gas Pipelines, NGI Reports