Publicly disclosed information for this event

Index Number:

Title:

2008_001

A former employee attacks offshore platforms.

Day	Month	Year	Country	Activity	Incident Type
1	May	2008	United States	Offshore	Intrusion

Summary

The victim, a leading drilling firm, relies on sophisticated computer systems which are essential for offshore operations, including remote telemetry and leak detection.

According to sources, after the termination of his contract in May 2008, a former IT consultant with the company allegedly accessed its communication system without authorization. This system, which the consultant had previously set up, ensured communication between the company's onshore offices and offshore oil platforms. The unauthorized intrusion had an important impact on integrity and availability, causing significant financial losses.

Though the company temporarily lost control of its telemetry systems, there were no consequent oil leaks or environmental hazards. The investigations identified evidence pointing to the consultant's involvement. If found guilty, he could be charged with potential penalties reaching up to ten years in prison.

Victim

Pacific Energy Resources

Claimed/Reported Threat Actor

N/A

Origin

Internal

Main impact

Integrity

Recommendations to Offshore to reduce Intrusion risks:

Implement strong access controls and authentication mechanisms to limit unauthorized access, such as Multi Factor Authentication.
Regularly update and patch software and systems to address known vulnerabilities.
Use Network Intrusion Detection Systems (NIDS) to monitor and block suspicious activities.
Segment your network to limit lateral movement by attackers in case of a breach.
Educate your employees about phishing attacks and social engineering tactics to prevent credential theft.

Files generated on Thursday, 10th October 2024.
ADMIRAL is licensed under the Creative Commons