We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not a subscriber? Subscribe now for unlimited access to online articles.

Business Report

Cyberspying Targets Energy Secrets

Intruders seek data on oil deposits, cutting-edge technology.

Intellectual property theft can destroy companies.

Take a tour of 1366 Technologies, a startup near Boston that is developing a cheaper way to make solar cells, and you will see open spaces with low cubicles, engineers at their desks, a machine shop, and testing equipment running silicon wafers through their paces.

But the tour is a bluff: it’s what you don’t see that’s really interesting. In another part of the building—one with no obvious way in—sit the engineers working on the core technology, machines that could cut the cost of silicon wafers for solar cells in half. Perhaps most important, computers used for the real work are entirely cut off from the Internet.

“We are paranoid,” 1366 CEO Frank van Mierlo says. “We’ve taken our entire engineering server offline and air-gapped it, like the Department of Defense.”

This story is part of our May/June 2014 Issue
See the rest of the issue

There has recently been much talk in Washington about the need to guard critical infrastructure, such as power plants, against possible enemy cyberattacks. But energy companies say that their key inventions and business data are already the target of increasingly sophisticated cyber-espionage.

“[It] quietly kept getting worse and worse,” Dana Deasy, the former chief information officer of BP, said last November during a meeting of information technology executives in Barcelona, Spain. “You finally wake up one day and you’re sitting in a world where this is a serious threat to the industry as a whole.”

Attacks can go unnoticed for years, or are never reported. As a result, estimates of stolen intellectual property vary “so widely as to be meaningless,” according to a 2011 report on foreign cyberspying by the U.S. Director of National Intelligence, which cited calculations of between $2 billion and $400 billion a year.

Companies say they worry most about state-sponsored attacks, which tend to be “incredibly well organized, incredibly sophisticated,” according to BP’s Deasy.

Some of the hackers are looking for proprietary data about oil fields, painstakingly gathered using costly seismic surveys, which underpins a business worth $3 trillion a year. Adam Segal, a fellow for China studies at the Council on Foreign Relations, says stolen survey data is believed to have influenced bidding on Iraqi oil fields.

Attackers leave clues but are rarely caught. In 2011, the security firm McAfee described “operation Night Dragon,” a series of computer intrusions at oil and gas companies that they traced to China. Researchers at CrowdStrike have been tracking an “adversary group” they call Energetic Bear, based in the Russian Federation, which strikes western energy firms by installing malware that collects passwords. The United States allegedly spied on the Brazilian state oil giant Petrobras.

Few companies will admit they’ve been the victims of espionage. One that did is American Superconductor. In 2011, the Massachusetts company sued its largest customer, the Chinese wind-turbine maker Sinovel, saying it had stolen its key technology, a way of making it easier for wind turbines to integrate with the electricity grid.

In August, a federal grand jury indicted Sinovel, alleging that it had offered money and an apartment in Beijing to induce an American Semiconductor employee to e-mail the source code for the technology to China. American Superconductor says it lost $800 million in revenues and its stock cratered, falling more than 75 percent.

The case points to how intellectual-property theft often relies not only on sophisticated computer attacks but also on insiders. But it justifies the care that 1366 takes, says CEO van Mierlo: “You only have to listen to the horrible stories of American Superconductor to know how damaging this stuff can be.”

The race is on to define the new blockchain era. Get a leg up at Business of Blockchain 2019.

Register now
Next in this Business Report
Spies, Technology, and Business

How the NSA eavesdropping scandal could balkanize the Internet or make it safer.

Want more award-winning journalism? Subscribe to Print + All Access Digital.
  • Print + All Access Digital {! insider.prices.print_digital !}*

    {! insider.display.menuOptionsLabel !}

    The best of MIT Technology Review in print and online, plus unlimited access to our online archive, an ad-free web experience, discounts to MIT Technology Review events, and The Download delivered to your email in-box each weekday.

    See details+

    12-month subscription

    Unlimited access to all our daily online news and feature stories

    6 bi-monthly issues of print + digital magazine

    10% discount to MIT Technology Review events

    Access to entire PDF magazine archive dating back to 1899

    Ad-free website experience

    The Download: newsletter delivery each weekday to your inbox

    The MIT Technology Review App

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.