November 22, 2024

Bits Blog: Hackers Lay Claim to Saudi Aramco Cyberattack

Unknown computer hackers claim they forced the world’s largest oil company, Saudi Aramco, to quarantine its oil production systems from infected PCs inside the company last week. They threatened to attack the company again this Saturday.

The hackers said that on Aug. 15, they unleashed a malicious virus into Saudi Aramco, the Saudi government-owned oil company, in retribution for what they said was the government’s support for “oppressive measures” in the Middle East.

The hackers, who call themselves “Cutting Sword of Justice,” said the virus had destroyed some 30,000 — or three-quarters — of all of Saudi Aramco’s computers. That’s a remarkable claim, but to prove it, on Friday, they posted blocks of what they claimed were the infected I.P. addresses on Pastebin, a Web site often used by hackers to post data from cyberattacks.

Saudi Aramco did not return a request seeking clarification.

In a statement on its Facebook page, the company confirmed that its computer network had experienced “a sudden disruption” on Aug. 15 — the day hackers claimed to have attacked its network — and afterward had “isolated all its electronic systems from outside access as an early precautionary measure.” It said the disruption appeared “to be the result of a virus that had infected personal workstations” but said the virus “had no impact whatsoever on any of the company’s production operations.”

Displeased with that response, hackers said in a new Pastebin post on Thursday that they planned to deploy another cyberattack on Saudi Aramco at 5 p.m. this Saturday. “You will not be able to stop it,” they wrote.

The Saudi Aramco attack would be the first significant use of malware in a so-called hacktivist attack, in which hackers target a company for activist reasons rather than for profit. In the past, hacktivists have used application or distributed denial of service — DDoS — attacks in which they clog a Web site with traffic until it falls offline.

“Hacktivists rarely use malware,” said Rob Rachwald, director of security at Imperva, a security company based in Redwood City, Calif. “The fact that they used malware is a spooky trend. If other hacktivists jump on this it could be very, very dangerous.”

Mr. Rachwald added that the attack highlighted the ineffectiveness of the antivirus solutions that are supposed to protect computer systems against malware threats. “Antivirus is a vestige of the past,” Mr. Rachwald said.

The use of malware triggered several theories on the Internet that the real culprit behind the Saudi Aramco attack was Iran. Tehran and the Saud family government have sparred recently over the latter’s pledge to make up for any cut in Iranian oil exports as a result of American- and European-imposed sanctions.

Article source: http://bits.blogs.nytimes.com/2012/08/23/hackers-lay-claim-to-saudi-aramco-cyberattack/?partner=rss&emc=rss