The targets have primarily been energy companies, and the attacks appeared to be probes, looking for ways to seize control of their processing systems. The attacks are continuing, officials said. But two senior administration officials said Sunday that they were still not certain exactly where the attacks were coming from, or whether they were state-sponsored or the work of hackers or criminals.
“We are concerned by these intrusions, and we are trying to make sure they don’t lead to something much bigger, as they did in the Saudi case,” said one senior American official. He was referring to the aggressive attack last summer that affected 30,000 computers at Saudi Aramco, one of the world’s largest oil producers. After lengthy investigations, American officials concluded that Iran had been behind the Saudi Aramco attack.
Another official said that in the new wave of attacks, “most everything we have seen is coming from the Middle East,” but he did not say whether Iran, or another country, appeared to be the source.
Last week’s warning was unusual because most attacks against American companies — especially those coming from China — have been attempts to obtain confidential information, steal trade secrets and gain competitive advantage. By contrast, the new attacks seek to destroy data or to manipulate industrial machinery and take over or shut down the networks that deliver energy or run industrial processes.
That kind of attack is much more like the Stuxnet worm that the United States and Israel secretly used against Iran’s nuclear enrichment plants several years ago, to slow Iran’s progress toward a nuclear weapons capability. When that covert program began, President Obama, among other officials, expressed worry that its eventual discovery could prompt retaliatory attacks.
Two senior officials who have been briefed on the new intrusions say they were aimed largely at the administrative systems of about 10 major American energy firms, which they would not name. That is similar to what happened to Saudi Aramco, where a computer virus wiped data from office computers, but never succeeded in making the leap to the industrial control systems that run oil production.
The Washington Post first reported the security warning on Friday. Over the weekend the Obama administration described what had led to the warning. Those officials began describing the activity as “probes that suggest someone is looking at how to take control of these systems.”
According to one United States official, Homeland Security officials decided to release the warning once they saw how deeply intruders had managed to penetrate corporate systems, including one that deals with chemical processes. In the past, the government occasionally approached individual companies it believed were under threat. Last week’s warning “is an effort to make sure that the volume and timeliness of the information improves,” in line with a new executive order signed by the president, one senior official said.
The warning was issued by an agency called ICS-Cert, which monitors attacks on computer systems that run industrial processes. It said the government was “highly concerned about hostility against critical infrastructure organizations,” and included a link to a previous warning about Shamoon, the virus used in the Saudi Aramco attack last year. It also hinted that federal investigations were under way, referring to indications “that adversary intent extends beyond intellectual property to include use of cyber to disrupt business and control systems.”
At Saudi Aramco, the virus replaced company data on thousands of computers with an image of a burning American flag. The attack prompted the defense secretary at the time, Leon E. Panetta, to warn of an impending “cyber 9/11” if the United States did not respond more efficiently to attacks. American officials have since concluded the attack and a subsequent one at RasGas, the Qatari energy company, were the work of Iranian hackers. Israeli officials, who follow Iran closely, said in interviews this month that they thought the attacks were the work of Iran’s new “cybercorps,” organized after the cyberattacks that affected their nuclear facilities.
David E. Sanger reported from Washington, and Nicole Perlroth from San Francisco. Michael S. Schmidt contributed reporting from Washington.
Article source: http://www.nytimes.com/2013/05/13/us/cyberattacks-on-rise-against-us-corporations.html?partner=rss&emc=rss
Speak Your Mind
You must be logged in to post a comment.