Saudi Arabia: Insider attack on Aramco

Mole hack? 30,000 computers of world's biggest oil company hit

Insiders are thought to have facilitated the cyber-attack on the world’s largest oil company, says a probe. The group behind the hack on state-run Saudi Aramco claim the attack is revenge for “crimes and atrocities” by the Saudi government

RT,

8 September, 2012

"It was someone who had inside knowledge and inside privileges within the company," a source familiar with investigation told Reuters.

The Shamoon virus spread through the company’s computer network last month, wiping the data from at least 30,000 computers, in one of the most destructive cyber-attacks on a single business in history.

Reports say to prevent any drastic consequences Aramco prohibited its employees from sending or receiving emails outside of the company and had to switch to paper transactions while it was dealing with the virus.

Hackivist group The Cutting Sword of Justice claimed responsibility for the attack on the company. They issued a statement saying that the attack was politically motivated and revenge for the “crimes and atrocities” committed by the Saudi Arabian government.

The previously unknown hacker organization also said that they had obtained classified documents from the hack and threatened to release them, although thus far nothing has been published.

Saudi Aramco has not made any comments regarding its ongoing investigation into the mass hack, refraining from speculating on what it called

“rumors and conjecture.”

“This was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack,” said the company’s chief executive Mr. al-Falih. He went on to say “not a single drop of oil was lost and no critical systems were harmed.

Meanwhile, Qatari gas producer RasGas announced that it had been affected by a similar virus at the end of August.

Uncommonly ‘destructive’

The virus in question, known as Shamoon, is not a sophisticated cyber weapon designed for high-level insurgency. It is used to attack ordinary business computers.

“Based on initial reporting and analysis of the malware, no evidence exists that Shamoon specifically targets industrial control systems components or US government agencies,” the Department of Homeland Security’s United States Computer Emergency Readiness Team said in an August 29 advisory.

Once the Shamoon virus has infiltrated a computer network it attempts to infect every computer. The virus is capable of stealing information and erasing all data on the devices, experts say.

“We don’t normally see threats that are so destructive, it’s probably been 10 years since we saw something so destructive,” said Liam O Murchu from computer security firm Symantec.

Repression and marginalization

Saudi Arabia saw a number of protests across the country recently with the country’s Shia Muslim minority protesting against discrimination from the ruling Sunni monarchs. 

 

The Shia protests were triggered last year in March when the Saudi government sent troops to neighboring Bahrain to crackdown on Shia protesters. Bahrain is also ruled by a Sunni Muslim monarchy.