But, according to the source and documents obtained by the Monitor, her response was too late. The fake had already been forwarded to other people – and someone had clicked on the link it contained. Instantly, an unseen spy program started spreading stealthily across Marathon’s global computer network.
Nearly identical fake e-mails that appeared to come from senior executives were also sent to colleagues in key posts at ExxonMobil and ConocoPhillips – all containing a request for them to analyze the Economic Stabilization Act noted on the subject line, a source familiar with the attacks says.
How successful the cyberspies ultimately were – whoever they were – isn’t publicly known.
“Marathon does not comment on security matters due to the confidential nature of such issues,” the company said in a statement to the Monitor. “Our Company recognizes the critical importance of ensuring the security of all aspects of our operations and to accomplish this we continually monitor and review the security systems and processes we have in place to protect our facilities, employees and the communities in which we operate.”
The attacks that infiltrated Marathon, ExxonMobil, and ConocoPhillips penetrated their electronic defenses using a combination of fake e-mails and customized spyware programs to target specific data, according to multiple sources and documents.
Such customized attacks first began infiltrating corporate computer networks in low numbers around 2004, but have become far more common in the past year. An estimated $1 trillion in intellectual property was stolen worldwide through cyberspace in 2008, according to a study last year by the antivirus company McAfee.