Cyber Attack Knocks Offline Saudi Aramco 67
wiredmikey writes "Saudi Aramco, Saudi Arabia's national oil company and the largest oil company in the world, confirmed that is has been hit by a cyber attack that resulted in malware infecting user workstations and forcing IT to kill the company's connection to the outside world. '..An official at Saudi Aramco confirmed that the company has isolated all its electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network,' the company wrote in a statement. This incident follows an attack on systems at the National Iranian Oil Company back in April, when a virus was detected inside the control systems of Kharg Island oil terminal, which also resulted in the company taking its systems offline. In response to continued cyber attacks against its networks and facilities, Iran earlier this month said it plans to move key ministries and state bodies off the public Internet to protect them from such attacks."
When I was (Score:5, Interesting)
Re:When I was (Score:5, Interesting)
You got infected by a generic virus. In this case it seems the attack was specifically designed to target this company.
On a side note. Let me guess, another Windows IT infrastructure.
Re:is it wrong? (Score:4, Interesting)
Is it wrong that I feel like cheering?
They don't want us to be able to see scantily clad women. That makes me pissed off right there.
On the other hand, this was an attack against their oil export capacity. The faster the rest of the world can suck the hydrocarbons out of the middle east, the faster we can go back to letting them fight amongst themselves over god's own sandbox on earth...
Re:When I was (Score:5, Interesting)
Absolutely. That's not because Saudi Aramco is incompetent. I believe they would actually be one of the largest companies in the world, if they weren't state owned. They run operations on a truly mind blowing scale with very few problems or disruptions (when was the last time you heard about them?).
The reason is unfortunately far more depressing than one incompetent company. The reason is that the industrial process control world long ago standardized on Microsoft DCOM as the protocol used for monitoring and controlling large systems. DCOM is an insanely complicated protocol - trust me on this, I'm one of the very few people in the world who has reimplemented it. Therefore it's natural to use Microsofts implementation, which means Windows. Technically the protocol is called "OLE for Process Control" (OPC). In particular Saudi Aramcos Abqaiq stabilization facility, through which around 1/8th of the worlds oil supply flows, uses OPC extensively [integrationobjects.com].
Incidentally Abqaiq, like all of Aramcos big facilities, is defended by some pretty insane security. The guards there are heavily armed and shoot first, ask questions later. They need to - a few years ago suicide bombers attempted to detonate a truck inside the complex [saudidefence.com]. I've read they also have SAM sites and fighter jets on 24/7 standby in case somebody tries to crash a plane into it.
I think it's very likely that this is an extension of America and Israels war against Iran, targeting their industrial/economic infrastructure instead of just uranium enrichment. The MO matches that of Stuxnet and we know that they're rather careless about letting their creations escape and cause havoc outside the intended targets. The stories we saw recently about code encrypted under a hash of various file paths sounds strongly like it was intended to match an unknown computer that performs a specific function, rather than a specific computer that was already reconned, otherwise the key could just be a hash of the HDD serial numbers/MAC addresses or other things that are less likely to change. One can imagine that the target computer might be inside an Arabic speaking oil refinery. Typically these refineries and facilities are built by a small number of western contractors. One can also imagine that computers meeting the target configurations exist not only in Iranian facilities but also other countries.