The technology revolution that is “fracking” has created untold billions in wealth for states like Pennsylvania, Texas, Ohio and Wyoming. But all that oil has attracted the attention of sophisticated spies who are using all means necessary – from hacking to rogue insiders – to steal valuable trade secrets.
Case in point: this report out of local station News 4 San Antonio in Texas about reports of industrial espionage against companies operating in the massive Eagle Ford Shale in south Texas.
The report cites Christopher Combs of the San Antonio FBI saying that federal agents are “very concerned” about theft of trade secrets from companies engaged in “fracking” in the Eagle Ford Shale in Texas.
“It's corporate espionage, there’s no question about it," said Combs. “Foreign governments or foreign companies are looking for any competitive advantage. Whether it's the widget that you use to drill, or it's a process that you use to track inventory better. They're really looking at the company as a whole to find out every little thing that you do that makes you a better company on the world market."
Combs declined to name specific companies or incidents, but sketched out a couple (now common) scenarios. Employees of drilling firms are being targeted when they travel outside the country and having the contents of company laptops stolen. Alternatively, individuals who engage in espionage are being placed inside target companies. Finally: disgruntled employees can ‘go rogue,’ and begin collecting and selling trade secrets to strike back at their employer.
"It's not just the threats coming in from the outside, but what information is going from the inside out," Combs said.
He said Chinese companies are “aggressively” engaged in industrial espionage. However, the problem isn’t limited to China. Companies with ties to governments that are U.S. allies are believed to be conducting espionage against innovative US firms as well.
Hydraulic fracturing – or “fracking” is a method used to extract oil or gas deposits from porous rock like sandstone and shale. The technique was developed in the United States with financial support from the U.S. government and is now used commercially in shale deposits in the U.S., Canada and China.
However, the specific technology and methods associated with fracking are closely guarded and highly valuable to drilling outfits. Recent history suggests that oil and gas exploration is an area of intense activity for cyber spying. In July, the American Petroleum Institute launched an Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) designed to help protect companies in the industry from attacks and evaluate risks through information sharing.
At a national level, the Department of Justice recently announced a reorganization of its National Security Division to focus on the threat of state-sponsored economic espionage and theft of corporate secrets. That, after the DOJ announced cases against five Chinese military officials believed to be linked to cyber espionage against U.S. companies.
However, the government’s ability to stop individual attacks is limited. Just this week, there was news of a private sector effort to take down a China based operation dubbed The Axiom Group that is believed to have been active for more than five years, conducting industrial espionage against a range of firms.
Still, the burden of protecting intellectual property and trade secrets ultimately falls to the organizations that would be victims. Combs of the FBI recommends companies take a “holistic” approach that comprises protections against data theft, online attacks and insider threats.
About Paul Roberts
Paul Roberts is the founder and editor in chief of The Security Ledger. Paul has spent the last decade covering hacking, cyber threats and information technology security, including senior positions as a writer, editor and industry analyst. Most recently, he served as editor of Threatpost.com and a Security Evangelist for Threatpost’s corporate parent, Kaspersky Lab. Prior to that, Paul spent three years covering the enterprise IT security space as a Senior Analyst in The 451 Group’s Enterprise Security Practice, where he covered trends and technology developments in the security market, with a concentration in endpoint security.
More from the Digital Guardian Data Security Knowledge Base:
