A cyberattack wiped out data on three-quarters of Aramco’s PCs at Saudi Aramco’s Khurais plant, reports the NY Times. The hackers picked the one day of the year they knew they could inflict the most damage on Saudi Aramco, the world’s most valuable company.
Leon Panetta, secretary of defense for the United States, called the attack a “significant escalation of the cyber threat.”
On Aug. 15, more than 55,000 Saudi Aramco employees stayed home from work to prepare for one of Islam’s holiest nights of the year — Lailat al Qadr, or the Night of Power — celebrating the revelation of the Koran to Muhammad.
That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.
United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility. But their online message and the burning flag were probably red herrings, say independent computer researchers who have looked at the virus’s code.
Immediately after the attack, Aramco was forced to shut down the company’s internal corporate network, disabling employees’ e-mail and Internet access, to stop the virus from spreading.
Computer security researchers noted that the same name, Wiper, had been given to an erasing component of Flame, a computer virus that attacked Iranian oil companies and came to light in May. In contrast to Stuxnet, Flame appeared to be designed not to do damage but to secretly collect information from a wide variety of sources.
Iranian oil ministry officials have claimed that the Wiper software code forced them to cut Internet connections to their oil ministry, oil rigs and the Kharg Island oil terminal, a conduit for 80 percent of Iran’s oil exports.
American intelligence officials blame Iran for a similar, subsequent attack on RasGas, the Qatari natural gas giant, two weeks after the Aramco attack. They also believe Iran engineered computer attacks that intermittently took America’s largest banks offline in September, and last week disrupted the online banking Web sites of Capital One and BB&T.
The attack, intelligence officials say, was a wake-up call. “It proved you don’t have to be sophisticated to do a lot of damage,” said Richard A. Clarke, the former counterterrorism official at the National Security Council. “There are lots of targets in the U.S. where they could do the same thing. The attacks were intended to say: ‘If you mess with us, you can expect retaliation.’ ”