Oct 24, 2012

Hate to say I told you so…

Yet cybersecurity has now been shown to be a number one concern for companies across the world. The largest, and most damaging, cyberattack has now taken place.

On Aug. 15, more than 55,000 Saudi Aramco employees stayed home from work to prepare for one of Islam’s holiest nights of the year — Lailat al Qadr, or the Night of Power — celebrating the revelation of the Koran to Muhammad.

That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.

United States intelligence officials say the attack’s real perpetrator was Iran (of course they say that, but they have no idea), although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.

That virus — called Shamoon after a word embedded in its code — was designed to do two things: replace the data on hard drives with an image of a burning American flag and report the addresses of infected computers — a bragging list of sorts — back to a computer inside the company’s network.

Shamoon’s code included a so-called kill switch, a timer set to attack at 11:08 a.m., the exact time that Aramco’s computers were wiped of memory. Shamoon’s creators even gave the erasing mechanism a name: Wiper.

Computer security researchers noted that the same name, Wiper, had been given to an erasing component of Flame, a computer virus that attacked Iranian oil companies and came to light in May. Iranian oil ministry officials have claimed that the Wiper software code forced them to cut Internet connections to their oil ministry, oil rigs and the Kharg Island oil terminal, a conduit for 80 percent of Iran’s oil exports.

So basically a new war has been started, but not on land, on LAN. The attacks have been internal, so it seems that secrecy and sabotage are a large part of it.

The Aramco hacking was retaliation. The United States fired one of the first shots in the computer war and has long maintained the upper hand. The New York Times reported in June that the United States, together with Israel, was responsible for Stuxnet, the computer virus used to destroy centrifuges in an Iranian nuclear facility in 2010.

Last May, researchers discovered that Flame had been siphoning data from computers, mainly in Iran, for several years. Security researchers believe Flame and Stuxnet were written by different programmers, but commissioned by the same two nations.

American intelligence officials blame Iran for a similar, subsequent attack on RasGas, the Qatari natural gas giant, two weeks after the Aramco attack. They also believe Iran engineered computer attacks that intermittently took America’s largest banks offline in September, and last week disrupted the online banking Web sites of Capital One and BB&T. The attacks continue, but we do little (in the IT world) to try and stop them.

To sum it up: The attack, intelligence officials say, was a wake-up call. “It proved you don’t have to be sophisticated to do a lot of damage,” said Richard A. Clarke, the former counterterrorism official at the National Security Council. “There are lots of targets in the U.S. where they could do the same thing. The attacks were intended to say: ‘If you mess with us, you can expect retaliation.’”

NY Times Article
