Skip to Content

Cyberspying Targets Energy Secrets

Intruders seek data on oil deposits, cutting-edge technology.
March 18, 2014

Take a tour of 1366 Technologies, a startup near Boston that is developing a cheaper way to make solar cells, and you will see open spaces with low cubicles, engineers at their desks, a machine shop, and testing equipment running silicon wafers through their paces.

But the tour is a bluff: it’s what you don’t see that’s really interesting. In another part of the building—one with no obvious way in—sit the engineers working on the core technology, machines that could cut the cost of silicon wafers for solar cells in half. Perhaps most important, computers used for the real work are entirely cut off from the Internet.

“We are paranoid,” 1366 CEO Frank van Mierlo says. “We’ve taken our entire engineering server offline and air-gapped it, like the Department of Defense.”

There has recently been much talk in Washington about the need to guard critical infrastructure, such as power plants, against possible enemy cyberattacks. But energy companies say that their key inventions and business data are already the target of increasingly sophisticated cyber-espionage.

“[It] quietly kept getting worse and worse,” Dana Deasy, the former chief information officer of BP, said last November during a meeting of information technology executives in Barcelona, Spain. “You finally wake up one day and you’re sitting in a world where this is a serious threat to the industry as a whole.”

Attacks can go unnoticed for years, or are never reported. As a result, estimates of stolen intellectual property vary “so widely as to be meaningless,” according to a 2011 report on foreign cyberspying by the U.S. Director of National Intelligence, which cited calculations of between $2 billion and $400 billion a year.

Companies say they worry most about state-sponsored attacks, which tend to be “incredibly well organized, incredibly sophisticated,” according to BP’s Deasy.

Some of the hackers are looking for proprietary data about oil fields, painstakingly gathered using costly seismic surveys, which underpins a business worth $3 trillion a year. Adam Segal, a fellow for China studies at the Council on Foreign Relations, says stolen survey data is believed to have influenced bidding on Iraqi oil fields.

Attackers leave clues but are rarely caught. In 2011, the security firm McAfee described “operation Night Dragon,” a series of computer intrusions at oil and gas companies that they traced to China. Researchers at CrowdStrike have been tracking an “adversary group” they call Energetic Bear, based in the Russian Federation, which strikes western energy firms by installing malware that collects passwords. The United States allegedly spied on the Brazilian state oil giant Petrobras.

Few companies will admit they’ve been the victims of espionage. One that did is American Superconductor. In 2011, the Massachusetts company sued its largest customer, the Chinese wind-turbine maker Sinovel, saying it had stolen its key technology, a way of making it easier for wind turbines to integrate with the electricity grid.

In August, a federal grand jury indicted Sinovel, alleging that it had offered money and an apartment in Beijing to induce an American Semiconductor employee to e-mail the source code for the technology to China. American Superconductor says it lost $800 million in revenues and its stock cratered, falling more than 75 percent.

The case points to how intellectual-property theft often relies not only on sophisticated computer attacks but also on insiders. But it justifies the care that 1366 takes, says CEO van Mierlo: “You only have to listen to the horrible stories of American Superconductor to know how damaging this stuff can be.”

Keep Reading

Most Popular

wet market selling fish
wet market selling fish

This scientist now believes covid started in Wuhan’s wet market. Here’s why.

How a veteran virologist found fresh evidence to back up the theory that covid jumped from animals to humans in a notorious Chinese market—rather than emerged from a lab leak.

light and shadow on floor
light and shadow on floor

How Facebook and Google fund global misinformation

The tech giants are paying millions of dollars to the operators of clickbait pages, bankrolling the deterioration of information ecosystems around the world.

masked travellers at Heathrow airport
masked travellers at Heathrow airport

We still don’t know enough about the omicron variant to panic

The variant has caused alarm and immediate border shutdowns—but we still don't know how it will respond to vaccines.

This new startup has built a record-breaking 256-qubit quantum computer

QuEra Computing, launched by physicists at Harvard and MIT, is trying a different quantum approach to tackle impossibly hard computational tasks.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.