Entry Title: WHID 2011-39: Hackers Breach Tech Systems of Oil Companies WHID ID: 2011-39 Date Occurred: February 10, 2011 Attack Method: SQL Injection Application Weakness: Improper Input Handling Outcome: Leakage of Information Attacked Entity Field: Energy Attacked Entity Geography: Incident Description: At least five multinational oil and gas companies suffered computer network intrusions from a persistent group of computer hackers based in China, according to a report released Wednesday night by a Silicon Valley computer security firm. According to the report, the intruders used widely available attack methods known as SQL injection and spear phishing to compromise their targets. Once they gained access to computers on internal company networks, they would install remote administration software that gave them complete control of those systems. That made it possible for the intruders to search for documents as well as stage attacks on other computers connected to corporate networks. Mass Attack: No Mass Attack Name: Night Dragon Number of Sites Affected: 5 Reference: http://www.nytimes.com/2011/02/10/business/global/10hack.html?_r=1 Attack Source Geography: China