Cyber Attack Knocks Offline Saudi Aramco
wiredmikey writes "Saudi Aramco, Saudi Arabia's national oil company and the largest oil company in the world, confirmed that it has been hit by a cyber attack that resulted in malware infecting user workstations and forcing IT to kill the company's connection to the outside world. '..An official at Saudi Aramco confirmed that the company has isolated all its electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network,' the company wrote in a statement. This incident follows an attack on systems at the National Iranian Oil Company back in April, when a virus was detected inside the control systems of Kharg Island oil terminal, which also resulted in the company taking its systems offline. In response to continued cyber attacks against its networks and facilities, Iran earlier this month said it plans to move key ministries and state bodies off the public Internet to protect them from such attacks."
When I was (Score:5, Interesting)
Re:When I was (Score:5, Funny)
Re: (Score:2)
No no, the Zionist Lobbies secretly control [youtube.com] all American politicians. They're too busy with that to bother with sabotage. For that, look to Mossad [foreignpolicy.com]. Let's keep our conspiracy theories straight!
Re: (Score:1)
No, no! The Zionist lobby is actually an elaborate scheme by horny IDF soldiers to schtupp stupid Jewish girls from Great Neck and Los Angeles. http://www.jewlicious.com/2011/02/the-unofficial-guide-to-sex-on-birthright-israel/ [jewlicious.com]
Re: (Score:2)
Re:When I was (Score:5, Interesting)
You got infected by a generic virus. In this case it seems the attack was specifically designed to target this company.
On a side note. Let me guess, another Windows IT infrastructure.
Re: (Score:2)
That's not clear from what's being reported here. The summary mentions a facility-specific attack on an Iranian oil terminal, but from the description this Saudi virus infection just seems to be an ordinary infection of a bunch of PC workstations.
Re: (Score:3)
Glad I have adblocker to make sure these fearmongering to sell adspace jackasses got no money from my visit.
Sales! (Score:2)
Someone has a new IT infrastructure they want to sell to the Saudis.
First create the demand with the 'cyber attack', then be ready to supply the solution.
Should be able to charge a huge price tag.
Re: (Score:2)
Someone has a new IT infrastructure they want to sell to the Saudis.
First create the demand with the 'cyber attack', then be ready to supply the solution.
Should be able to charge a huge price tag.
First of all they already pay a huge price tag for everything. That is the downside of having too much money and no need for anyone to actually understand anything.
Second, if you knew how things were run, you would be surprised we do not have continuous failures due to infections.
Transformers, switchgear and other control room infrastructure is built and once every 5 years someone will go there to change some filters. The whole thing runs 24/7 automatically and is being monitored remotely. After 20+ years,
Re:When I was (Score:5, Interesting)
Absolutely. That's not because Saudi Aramco is incompetent. I believe they would actually be one of the largest companies in the world, if they weren't state owned. They run operations on a truly mind blowing scale with very few problems or disruptions (when was the last time you heard about them?).
The reason is unfortunately far more depressing than one incompetent company. The reason is that the industrial process control world long ago standardized on Microsoft DCOM as the protocol used for monitoring and controlling large systems. DCOM is an insanely complicated protocol - trust me on this, I'm one of the very few people in the world who has reimplemented it. Therefore it's natural to use Microsoft's implementation, which means Windows. Technically the protocol is called "OLE for Process Control" (OPC). In particular Saudi Aramco's Abqaiq stabilization facility, through which around 1/8th of the world's oil supply flows, uses OPC extensively [integrationobjects.com].
Incidentally Abqaiq, like all of Aramco's big facilities, is defended by some pretty insane security. The guards there are heavily armed and shoot first, ask questions later. They need to - a few years ago suicide bombers attempted to detonate a truck inside the complex [saudidefence.com]. I've read they also have SAM sites and fighter jets on 24/7 standby in case somebody tries to crash a plane into it.
I think it's very likely that this is an extension of America and Israel's war against Iran, targeting their industrial/economic infrastructure instead of just uranium enrichment. The MO matches that of Stuxnet and we know that they're rather careless about letting their creations escape and cause havoc outside the intended targets. The stories we saw recently about code encrypted under a hash of various file paths sound strongly like it was intended to match an unknown computer that performs a specific function, rather than a specific computer that was already reconned, otherwise the key could just be a hash of the HDD serial numbers/MAC addresses or other things that are less likely to change. One can imagine that the target computer might be inside an Arabic speaking oil refinery. Typically these refineries and facilities are built by a small number of western contractors. One can also imagine that computers meeting the target configurations exist not only in Iranian facilities but also other countries.
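The comment above reasons about what an "environment-keyed" payload tells you about the target: a key derived from a file path fires on every host that has that software installed, whereas a key derived from a disk serial or MAC address fires on exactly one reconned machine. The block below is an added illustration of that distinction and is not code from the commenter, from any real sample, or from the malware the news stories refer to. The salt, round count, host fingerprints, install path and the HMAC-counter stream cipher are all constructed for the example; a real implant would use its own scheme.

```python
import hashlib
import hmac

# Everything here is constructed for the example: salt, round count, paths, serials.
SALT = b"example-salt-not-from-any-real-sample"
ROUNDS = 2000               # iterated hashing slows down dictionary attacks on the key
MAGIC = b"payload-v1:"      # lets the decryptor sanity-check a successful unlock


def derive_key(fingerprint_parts):
    """Iterated SHA-256 over the joined fingerprint strings -> 32-byte key."""
    digest = SALT + b"\x00".join(p.encode("utf-8") for p in fingerprint_parts)
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest


def verifier(key):
    """Hash stored beside the ciphertext so a host can test a candidate key
    without the sample carrying the key or the plaintext."""
    return hashlib.sha256(b"verify|" + key).digest()


def keystream(key, length):
    """HMAC-SHA256 in counter mode: a stdlib-only stream cipher for the demo."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(plaintext, fingerprint_parts):
    """Encrypt the payload under a key derived from the target fingerprint."""
    key = derive_key(fingerprint_parts)
    body = MAGIC + plaintext
    ct = bytes(a ^ b for a, b in zip(body, keystream(key, len(body))))
    return {"verifier": verifier(key), "ciphertext": ct}


def try_open(sealed, fingerprint_parts):
    """What runs on a host: derive, compare the verifier, then decrypt or stay dormant."""
    key = derive_key(fingerprint_parts)
    if not hmac.compare_digest(verifier(key), sealed["verifier"]):
        return None
    ct = sealed["ciphertext"]
    body = bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))
    assert body.startswith(MAGIC)
    return body[len(MAGIC):]


# Two hypothetical hosts. Both run the same (invented) vendor HMI package but
# have different disk serials and MAC addresses.
HOST_A = {"install_dir": "C:\\Program Files\\ExampleHMI",
          "disk_serial": "WD-1111", "mac": "00:11:22:33:44:55"}
HOST_B = {"install_dir": "C:\\Program Files\\ExampleHMI",
          "disk_serial": "ST-2222", "mac": "66:77:88:99:aa:bb"}


def function_bound_demo():
    """Key from the install path: unlocks on every host with that software.
    Returns (unlocks_on_A, unlocks_on_B)."""
    sealed = seal(b"run stage 2", [HOST_A["install_dir"]])
    return (try_open(sealed, [HOST_A["install_dir"]]) is not None,
            try_open(sealed, [HOST_B["install_dir"]]) is not None)


def machine_bound_demo():
    """Key from serial + MAC: unlocks only on the host that was reconned.
    Returns (unlocks_on_A, unlocks_on_B)."""
    sealed = seal(b"run stage 2", [HOST_A["disk_serial"], HOST_A["mac"]])
    return (try_open(sealed, [HOST_A["disk_serial"], HOST_A["mac"]]) is not None,
            try_open(sealed, [HOST_B["disk_serial"], HOST_B["mac"]]) is not None)


def crack_with_dictionary(sealed, candidate_paths):
    """Defender's view: with the sample in hand, try plausible install paths
    until the verifier matches. Returns the matching path or None."""
    for path in candidate_paths:
        if try_open(sealed, [path]) is not None:
            return path
    return None


if __name__ == "__main__":
    print("path-keyed  (A, B):", function_bound_demo())   # (True, True)
    print("machine-keyed (A, B):", machine_bound_demo())  # (True, False)
```

The defender-side function is the practical takeaway: a path-keyed sample can be unlocked by guessing directory names that a particular vendor's software creates, which is why analysts ask the community for candidate paths, while a sample keyed to hardware identifiers gives an analyst nothing to enumerate without the original machine.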
Re: (Score:2)
Re: (Score:1)
you can isolate these servers from the rest of your network.
In the end you need to get data to and from the computers. As long as you have buffer overflows and executable data formats like excel and word there will be a way in. Remember the Stuxnet attacks against Iran were based on USB pen drive transfers. This means that network isolation is not adequate on its own and may even be an outdated counterproductive move.
Re: (Score:2)
I think it's very likely that this is an extension of America and Israel's war against Iran, targeting their industrial/economic infrastructure instead of just uranium enrichment. The MO matches that of Stuxnet and we know that they're rather careless about letting their creations escape and cause havoc outside the intended targets. The stories we saw recently about code encrypted under a hash of various file paths sound strongly like it was intended to match an unknown computer that performs a specific function, rather than a specific computer that was already reconned, otherwise the key could just be a hash of the HDD serial numbers/MAC addresses or other things that are less likely to change. One can imagine that the target computer might be inside an Arabic speaking oil refinery. Typically these refineries and facilities are built by a small number of western contractors. One can also imagine that computers meeting the target configurations exist not only in Iranian facilities but also other countries.
Iran is not an Arabic country, Iranians are not Arabs, they do not speak Arabic - they speak Farsi. It's a completely different language, and while they do use a version of the Arabic script, the words are completely different and folders, paths etc. will be likewise entirely different between an Iranian and an Arab installation.
Re: (Score:2)
These sorts of attacks go well beyond an inconvenience on a desktop, potentially affecting physical operations. It seems like the media doesn't know enough to dig deeper when something goes wrong.
Examples of media not doing investigative journalism:
No reports that I could find mentioned the possibility of a cyber event, or solar flares and the arriving CME as possibly affecting power in India recently. They were quick to blame capacity, even though the initial outage struck at about 2 AM, which is not at p
Re: (Score:2)
When I was a Jr IT Admin, and our systems got infected with some malware, or a worm, we didn't call it a cyber attack, we just bitched about it and fixed the problem and wondered who the hell opened the attachment they got in their email.
Yes, because what you've been hit with is exactly the same as what they've been hit with.
Sigh.
Re: (Score:2)
There are different approaches to the same problem, often with different motivations (even for the same outcome).
In this case, I'm guessing it's because they either have highly skilled Westerners working for them and there was a really bad threat, or this is a typical display of Arab Ingenuity. For whatever reason, "fixing" something over there means hitting it with a hammer until it's fixed, Inshallah.
Interesting that the outcome may have been from drastically oppositional approaches. :P
Re: (Score:1)
is it wrong? (Score:1)
Is it wrong that I feel like cheering?
They don't want us to be able to see scantily clad women. That makes me pissed off right there.
Re:is it wrong? (Score:4, Interesting)
Is it wrong that I feel like cheering?
They don't want us to be able to see scantily clad women. That makes me pissed off right there.
On the other hand, this was an attack against their oil export capacity. The faster the rest of the world can suck the hydrocarbons out of the middle east, the faster we can go back to letting them fight amongst themselves over god's own sandbox on earth...
Re: (Score:2)
the faster we can go back to letting them fight amongst themselves over god's own litterbox on earth
Fixed that for you. God made cats in his own image, we are merely servants.
Re: (Score:2)
Re: (Score:2)
Submitter writes weirdly headlines (Score:2)
Re: (Score:1)
Weirdly Headlines Submitter Writes
Re: (Score:2)
Re: (Score:1)
A mere imposter if that is the case. Yoda would say something like "Offline cyber attack knocks Saudi Armaco hmmmmmm"
hindsight as a security policy (Score:2)
Iran earlier this month said it plans to move key ministries and state bodies off the public Internet to protect them from such attacks
One wonders why they were on the internet (public or otherwise) to begin with.
Re: (Score:3)
To download critical security updates and antivirus definitions! Don't you care about Best Practices?
Re: (Score:2)
Re: (Score:2)
Because they need to communicate with citizens? It's like a business that has a website, but insists that you phone them to place an order because they don't want to have an attack that may expose customer data.
Of course, even airgapped networks aren't invulnerable... I hear some centrifuges got de
Is it bad that when they mentioned Kharg Island... (Score:2)
Re: (Score:1)
Ok then (Score:1)
They assume it got in through official channels rather than myriad censor-bypassing routes, including smart phone tethering.
weird (Score:1)
why would the jews and americans attack americas number one ally in the middle east?
Some would say Israel (Score:5, Insightful)
1. Buy up oil futures.
2. Release your malware and let the news cycle gin up oil prices.
3. Profit!!
Re: (Score:2)
Re: (Score:2)
What you are looking for is out of the money call options.
They let you buy something in the future at a price higher than forecast plus expected uncertainty and are generally pretty cheap. You can buy a metric assload of them.
If you are expecting something to drop in price you want out of the money put options.
Key advantage: your losses are limited to the up front premium.
Re: (Score:2)
Fuck off grammarian. Get cancer of the asshole and die slowly.
Re: (Score:2)
what are these systems doing on the internet?? (Score:2)
I have a simple question. Why are these systems - and systems like them in the USA such as power grid systems - attached to the world-wide internet in the first place? Surely people understand that critical systems must be physically isolated, yes? They do have two computers, one on each side of the room, yes? One set of computers controls the critical hardware, and the other set is for administrative purposes, to do email, surf for porn when the staff are bored and so on, yes? Do these people in these
Re: (Score:2)
Interesting side effects may come from this (Score:1)
Interesting side effects may come from this. These are very targeted and sophisticated attacks, the hardest to defend against. Countries like Iran and Saudi Arabia could become the security leaders in the world simply from having to defend themselves against the best of the best.
One thing China is very good at is not showing their hand too early. They plan long term, infiltrate, bide their time and strike when everything is perfect, leaving their targets unprepared (scary, huh?). This is in contrast to
Re: (Score:3, Informative)
Not entirely true. China does occasionally show a card or two in their hand, like surfacing an attack sub in the middle of a US carrier strike group.
Motivation (Score:3)
No way the US or Israel would strike at the jugular of the world's economy, it doesn't make sense. I'd guess Iran (make some countries drop the embargo), "wreck their shit" anarchists (this is a great way to wreck shit) or eco-terrorists (reduce CO2 emissions and give the world a taste of what will happen when the oil runs out).
Yep, they all run Windows. (Score:1)
I used to work for a process controls company. Everything migrated from purpose-built embedded code and machines to COTS hardware to "save money."
The result was that the system became 5 times more expensive, 10 times more complicated, and 20 times more failure-prone.
Instead of buying a $1000 control board that was built for its special purpose, our customers instead had to buy a $10,000 PC running Windows, preinstalled with the McAfee Virus (which caused plenty of problems of its own with real-time control)
Re: (Score:2)
Where can I buy a 10K PC?
That machine must rock. How many FPS?
Re: (Score:2)
You're an idiot.
$10k is a not-uncommon cost for a middle of the range IBM server.
Re: (Score:2)
Server used for embedded control? SAN array as well?