Slashdot Mirror


Cyber Attack Knocks Offline Saudi Aramco

wiredmikey writes "Saudi Aramco, Saudi Arabia's national oil company and the largest oil company in the world, confirmed that it has been hit by a cyber attack that resulted in malware infecting user workstations and forcing IT to kill the company's connection to the outside world. '...An official at Saudi Aramco confirmed that the company has isolated all its electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network,' the company wrote in a statement. This incident follows an attack on systems at the National Iranian Oil Company back in April, when a virus was detected inside the control systems of Kharg Island oil terminal, which also resulted in the company taking its systems offline. In response to continued cyber attacks against its networks and facilities, Iran earlier this month said it plans to move key ministries and state bodies off the public Internet to protect them from such attacks."

11 of 67 comments

  1. When I was by Dyinobal · · Score: 4, Interesting

    When I was a Jr IT Admin, and our systems got infected by some malware or a worm, we didn't call it a cyber attack, we just bitched about it and fixed the problem and wondered who the hell opened the attachment they got in their email.

    1. Re:When I was by Nrrqshrr · · Score: 4, Funny

      But then how did you blame the Zionist lobbies?

    2. Re:When I was by Krneki · · Score: 4, Interesting
      There is a key difference.

      You got infected by a generic virus. In this case it seems the attack was specifically designed to target this company.

      On a side note. Let me guess, another Windows IT infrastructure.

      --
      Love many, trust a few, do harm to none.
    3. Re:When I was by jhoegl · · Score: 2

      Yeah, the article links the two but the article's information shows it as being a generalized malware or virus. They may be being overcautious on this one, but the article attempts to inject fear, speculation, and link an unrelated incident to this.
      Glad I have adblocker to make sure these fearmongering to sell adspace jackasses got no money from my visit.

    4. Re:When I was by IamTheRealMike · · Score: 4, Interesting

      On a side note. Let me guess, another Windows IT infrastructure.

      Absolutely. That's not because Saudi Aramco is incompetent. I believe they would actually be one of the largest companies in the world, if they weren't state owned. They run operations on a truly mind blowing scale with very few problems or disruptions (when was the last time you heard about them?).

      The reason is unfortunately far more depressing than one incompetent company. The reason is that the industrial process control world long ago standardized on Microsoft DCOM as the protocol used for monitoring and controlling large systems. DCOM is an insanely complicated protocol - trust me on this, I'm one of the very few people in the world who has reimplemented it. Therefore it's natural to use Microsoft's implementation, which means Windows. Technically the protocol is called "OLE for Process Control" (OPC). In particular Saudi Aramco's Abqaiq stabilization facility, through which around 1/8th of the world's oil supply flows, uses OPC extensively.

      Incidentally Abqaiq, like all of Aramco's big facilities, is defended by some pretty insane security. The guards there are heavily armed and shoot first, ask questions later. They need to - a few years ago suicide bombers attempted to detonate a truck inside the complex. I've read they also have SAM sites and fighter jets on 24/7 standby in case somebody tries to crash a plane into it.

      I think it's very likely that this is an extension of America and Israel's war against Iran, targeting their industrial/economic infrastructure instead of just uranium enrichment. The MO matches that of Stuxnet and we know that they're rather careless about letting their creations escape and cause havoc outside the intended targets. The stories we saw recently about code encrypted under a hash of various file paths sound strongly like it was intended to match an unknown computer that performs a specific function, rather than a specific computer that was already reconned, otherwise the key could just be a hash of the HDD serial numbers/MAC addresses or other things that are less likely to change. One can imagine that the target computer might be inside an Arabic-speaking oil refinery. Typically these refineries and facilities are built by a small number of western contractors. One can also imagine that computers meeting the target configurations exist not only in Iranian facilities but also other countries.

  2. Re:is it wrong? by fuzzyfuzzyfungus · · Score: 3, Interesting

    Is it wrong that I feel like cheering?

    They don't want us to be able to see scantily clad women. That makes me pissed off right there.

    On the other hand, this was an attack against their oil export capacity. The faster the rest of the world can suck the hydrocarbons out of the middle east, the faster we can go back to letting them fight amongst themselves over god's own sandbox on earth...

  3. Re:hindsight as a security policy by fuzzyfuzzyfungus · · Score: 2

    To download critical security updates and antivirus definitions! Don't you care about Best Practices?

  4. Some would say Israel by ThatsNotPudding · · Score: 4, Insightful

    I would bet crooked (as if there are any other kind) daytraders.
    1. Buy up oil futures.
    2. Release your malware and let the news cycle gin up oil prices.
    3. Profit!!

  5. Motivation by GameboyRMH · · Score: 2

    No way the US or Israel would strike at the jugular of the world's economy, it doesn't make sense. I'd guess Iran (make some countries drop the embargo), "wreck their shit" anarchists (this is a great way to wreck shit) or eco-terrorists (reduce CO2 emissions and give the world a taste of what will happen when the oil runs out).

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  6. Re:Sales! by Candyban · · Score: 2

    Someone has a new IT infrastructure they want to sell to the Saudis.

    First create the demand with the 'cyber attack', then be ready to supply the solution.

    Should be able to charge a huge price tag.

    First of all they already pay a huge price tag for everything. That is the downside of having too much money and no need for anyone to actually understand anything.

    Second, if you knew how things were run, you would be surprised we do not have continuous failures due to infections.

    Transformers, switchgear and other control room infrastructure is built and once every 5 years someone will go there to change some filters. The whole thing runs 24/7 automatically and is being monitored remotely. After 20+ years, the substation is in need of an overhaul or it is decommissioned.
    Before 2000, most "logic" components were either PLC or electrical circuitry. Nowadays more and more components are electronic (cheaper, more flexible and more accurate) and controlled by "regular" PCs running Windows.
    As I said before, no living soul enters the substations in 5 years and no one will update components (if it ain't broken, don't fix it). However other substations (in the process of being constructed) have the broadest range of computer illiterates, all typing stuff on their old laptops and passing around memory sticks, clicking whatever to get rid of pesky popups, running in and out of the construction yard.

  7. Re:Interesting side effects may come from this by EmagGeek · · Score: 3, Informative

    Not entirely true. China does occasionally show a card or two in their hand, like surfacing an attack sub in the middle of a US carrier strike group.