Feeds

Saudi Aramco: Foreign hackers tried to cork our gas output

Worm outbreak targeted oil giant's sensitive machinery

Internet Security Threat Report 2014

Hackers who used the Shamoon worm to attack oil giant Saudi Aramco were bent on halting its fuel production, according to the company and Saudi government officials.

The attack on Saudi Aramco — which supplies a tenth of the world’s oil — failed to disrupt oil or gas output even though it infected 30,000 computers and crippled the national oil company's electronic networks. In a press conference on Sunday, Saudi officials blamed unnamed foreign groups for orchestrating the digital assault.

Interior ministry spokesman General Mansour al-Turki said a joint investigation between the government and the oil giant concluded that an "organised group launched the attack from outside the kingdom and from different countries", Saudi news agency Al Arabiya reported.

"It is in the interest of the investigation not to reveal any results," he said, adding that "no Aramco employees or contractors were involved in the hacking."

The New York Times reported that al-Turki said the investigation was ongoing.

Abdullah al-Saadan, Aramco’s vice president for corporate planning, told Al Ekhbariya television: "The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals."

Hacktivists from a group called Cutting Sword of Justice claimed responsibility for the cyber-attack, which was carried out in August. They claimed the assault allowed them to lift documents from Aramco’s computers, which they threatened to leak. But no information was subsequently published. The group said it had hacked Saudi Aramco in retaliation against the Al Saud regime. The miscreants accused the ruling royal family of interfering in the affairs of neighbouring countries, such as Syria and Bahrain.

Shamoon infected workstations at Saudi Aramco on 15 August, forcing the oil giant to shut down its internal network to contain the spread of the malware while it ran a cleanup operation. Normal access to systems was restored 10 days later.

The malware can wipe files to hobble an infected machine and destroy data. Shamoon was also linked to a virus attack against Qatari gas giant RasGas at the end of August.

Security researchers at Kaspersky Labs have taken apart the malware. Dmitry Tarakanov concluded that controversial features, such as planting the image of a burning US flag on compromised PCs, and programming mistakes suggested the malware is likely the work of amateurs than intelligence agencies. Coding errors in Shamoon prevented it from downloading and running any other malicious code during the outbreaks. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.