IT contractor charged over US oil rig hack
Roughneck cracker charges
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
An IT contractor has been charged with sabotaging offshore oil rig computer systems.
Mario Azar, 28, of Upland, California, allegedly damaged a drilling firm's computers out of spite after it declined to offer him permanent employment. Azar faces an indictment for unauthorised impairment of a protected computer, an offence punishable by a maximum sentence of up to ten years' imprisonment.
Until May 2008, Azar worked as an IT consultant with the Long Beach-based Pacific Energy Resources. He helped set up a computer system used to communicate between PER's offices and its oil platforms, carrying out functions such as remote telemetry and "leak detection".
Shortly after leaving the job, Azar allegedly hacked into the system and "caused damage by impairing the integrity and availability of data," according to the indictment returned by a Los Angeles grand jury on Wednesday. The assault caused thousands of dollars of damages, prosecutors charge.
Fortunately, although PER briefly lost control of its telemetry systems, the outage did not result in any oil leaks or environmental harm. The case was investigated by the FBI and the Long Beach Police Department who uncovered unspecified evidence that led to Azar's arrest.
Azar faces a court date over the hacking charge in a US District Court in Los Angeles on 6 April. ®
COMMENTS
@DR
The fact that one of your steps is 'put tape in drive' suggests that you've never really used anything like a big backup system. There are machines that do that now you know?
As with all storage, if you want an estimate of how much something will cost, think of a number, then add a zero, two if you need it quickly.
@DR
Right on.
Many, many years ago, we had a customer running a mainframe that was administered by a non-techie (they had no IT staff), He head about a fast start (booting the machine took 15+ minutes). Saw a F option for the IPL (Initial Process Loader) one morning after downtime maintenance and tried it., The F option did not mean fast. It meant first. As in assembled-do-a-first-factory-start. He wiped the entire mainframe as a result.
We booted the mainframe from tape, restored. Customer was up an running again less than a day after our engineers were on site.
Mine's the tattered one with a JCL manual in one pocket and a Best Of The 80's music CD in the other.
@DR - Data Restores
I can quite see how the bills rack up, the problem here, according to the company was that the engineer "caused damage by impairing the integrity and availability of data,", a DR policy would be fine for backup and restore, providing you know that something's amiss. The odd changed value in a data stream may be undetected for years, but may have a huge impact, at which point you need to start referring to data that was backed up a long time ago.
On affecting the availability, if an oil company cannot reliably collect safety data from a remote plant, that plant must be shut down to ensure no issues occur. A non-functioning plant can cost thousands of pounds a minute in lost production.
With the guy being an ex-networks engineer, he could have quite easily changed the configuration of a network router, and taken down both their network and voice comms. Try getting something fixed quickly when you have no access to the site, aren't quite sure what the problem is, and only have a sat-phone to talk to a non-IT person on site.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
