Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aramco Says Networks Back Online, No Results From Investigation Yet

Posted by samzenpus on from the we're-back dept.

Trailrunner7 writes "Saudi Aramco says that the virus attack that compromised tens of thousands of the company's workstations last month never endangered the company's oil production capabilities and that all of the affected systems have been brought back online and restored. The attack on Aramco has been linked by researchers to the Shamoon malware, but company officials did not comment on the nature or provenance of the malware. The attack hit Aramco, one of the larger oil producers in the world, on August 15 and the company soon took its main Web sites offline as it investigated the extent and nature of the compromise. A group of attackers calling itself the Cutting Sword of Justice took credit for the attack through a post on Pastebin, saying that the operation had destroyed data on 30,000 machines, including both workstations and servers. The company originally did not comment on the extent of the damage to its network, simply saying that it had suffered an attack and was in the process of cleaning it up. On Monday, company officials said that security staffers had restored all of the infected machines and that its operations were back to normal."

21 comments

  1. That's horrible! What OS were those compromised by couchslug · · Score: 1

    systems running?

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    1. Re:That's horrible! What OS were those compromised by jschmitz · · Score: 1

      "Saudi Aramco says damage was limited to office computers and did not ... They say the computer virus gave them access to documents from Aramco's ... Saudi Aramco has said that only office PCs running Microsoft Windows ..."

    2. Re:That's horrible! What OS were those compromised by Aryeh+Goretsky · · Score: 4, Insightful

      Hello,

      I realize the default permission on Slashdot is set to "anti-Microsoft," but before that gets out-of-line, consider this attack was purportedly done by an insider (or possibly even insiders).

      At that point, it doesn't really matter what the operating systems(s) the business runs. If it was an inside job, the attacker would have been damaging things regardless of the operating system(s) used. How environments are secured and managed is a lot more important these days than what operating systems they run.

      Regards,

      Aryeh Goretsky

      --
      Dexter is a good dog.
    3. Re:That's horrible! What OS were those compromised by Anonymous Coward · · Score: 1

      No inside attacker can do any more harm than an outsider in a well-protected setup these days.

      Regards,

      Thomas J

    4. Re:That's horrible! What OS were those compromised by DriedClexler · · Score: 1

      They say the computer virus gave them access to documents from Aramco's

      Hey, maybe they can blackmail Aramco out of Bitcoins now!

      --
      Information theory is life. The rest is just the KL divergence.
    5. Re:That's horrible! What OS were those compromised by symbolset · · Score: 2

      When you're using Windows desktops, all your "inside" is "outside". Google at least learned after their big oops and corrected this situation. I bet Aramco didn't, and will have the issue again in nine months or so.

      --
      Help stamp out iliturcy.
    6. Re:That's horrible! What OS were those compromised by Aryeh+Goretsky · · Score: 1

      Hello,

      Malware for Android, Google's version of Linux for smartphones and tablets, seems to be on the upswing, though.

      Regards,

      Aryeh Goretsky

      --
      Dexter is a good dog.
    7. Re:That's horrible! What OS were those compromised by symbolset · · Score: 1

      Android is open source, and lets people do what they will with it. Some people will do dumb things. Almost all of the Android malware issue seems to be with people who don't have Google Play, and in places not relevant to most of us, or people who sideload apps from random websites, and such. You know, I'm fine with people deciding to take that risk and enjoying the benefit or suffering the consequences. That's what freedom is about.

      --
      Help stamp out iliturcy.
  2. Obama now leading in Oiho! by Anonymous Coward · · Score: 0

    Says not to vote for that Jack Ryan fellow.

  3. I don't think they're all up yet. by freeze128 · · Score: 1

    I have clients that need to send email to aramco.com, and none of their SMTP servers are accepting a connection. Maybe they overreacted, and blacklisted the entire planet....

  4. Default permission on Slashdot by dgharmon · · Score: 1

    "I work in the research department of a computer security company"

    If you want to be taken seriously in computer security, don't ever go on slashdot to defend MICROS~1 ...

    --
    AccountKiller
    1. Re:Default permission on Slashdot by ra1n85 · · Score: 1

      Yes, how dare he!? Everyone knows that Aramco should have been using the Arabic port of Debian.

  5. Saudi Aramco damage limited to office computers? by dgharmon · · Score: 1

    "Saudi Aramco says damage was limited to office computers .. running Microsoft Windows" ...

    'However, one of Saudi Aramco's Web sites taken offline after the attack - www.aramco.com . remained down on Sunday. E-mails sent by Reuters to people within the company continued to bounce back` link

    --
    AccountKiller
  6. Better to release then delete by Anonymous Coward · · Score: 0

    Why delete the info? They should have a backup system in place, thus minimizing the loss. Better to release all the data into the wild for competitors and conspiracy theorists to pour over.

  7. Re:Saudi Aramco damage limited to office computers by ubrgeek · · Score: 1

    > E-mails ... continued to bounce back

    GoDaddy strike again. ;)

    --
    Bark less. Wag more.
  8. The Arabs use mainly Windows by unixisc · · Score: 1

    I doubt that they were using anything other than Windows, Windows Server & so on. I'm willing to bet - they may be the among the first converts to Windows Server 2012 and Windows 8.

  9. The guilty will likely be... by Anonymous Coward · · Score: 0

    ... beheaded, unless they happen to live outside Saudi Arabia, in a country hostile to them. Such as Iran. Incidentally, I was wondering what would happen if it turned out that the crackers in this case were Jews? Saudi law doesn't allow Jews to enter the country, so they couldn't even get them extradited, if it came to that. HA!

    1. Re:The guilty will likely be... by Anonymous Coward · · Score: 0

      I think their gov would be willing to take them in the country, as long as there was a death sentence waiting.

  10. A better term... by Anonymous Coward · · Score: 0

    ...might be "oil pumpers"? They aren't exactly "producing" it in the ordinary sense.

  11. Why are there backups to restore from? by xenobyte · · Score: 1

    Any good attack would have destroyed the backups before wiping the servers and workstations.

    Of course, offline tapes with backups cannot be destroyed from the outside, unless we're talking a truly long term project with an inside man slowly corrupting the offline backups, or a full intrusion armed with bulk erasers...

    --
    "For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
  12. Apple is world's most valuable company by tinkerton · · Score: 1

    .. if you only look at companies that are listed on the stock market.
    It's remarkable how Aramco manages to keep a low profile. It's not possible to put 'today's value' on it but estimates are always over a trillion dollars and reach up to 7 trillion.

    To be fair, it may be just the name that has a low profile. 'saudi oil' is the same thing and it doesn't exactly have a low profile.