
back to article Saudi Aramco: Foreign hackers tried to cork our gas output

Hackers who used the Shamoon worm to attack oil giant Saudi Aramco were bent on halting its fuel production, according to the company and Saudi government officials. The attack on Saudi Aramco — which supplies a tenth of the world’s oil — failed to disrupt oil or gas output even though it infected 30,000 computers and crippled …

COMMENTS

This topic is closed for new posts.
Silver badge

...but shouldn't there be at least some minimal amount of security involved. Like not using known-to-be insecure systems and protocols?

0
0
Anonymous Coward

Every system is insecure. Anything with moving parts is going to have a security issue somewhere.

And it's going to be even worse if people are involved, because we're human and we do stupid, human things.

That worm was a poor attempt at destroying oil production, however. Most office networks are separated from the "SCADA"/infrastructure networks, not just by firewalls and routers, but by architecture and network design. Unless the Cutting Sword of Justice were planning to deploy a second-stage binary to hit either PLCs or some other component of the production network (with a clever payload, too, in order to fool any safeguards and thus do physical damage), it wasn't going to do anything apart from make some desktops require a re-imaging.

Annoying for the IT guys, but not the end of the world.

Maybe the CSOJ (Tonight or ever, anyone?) guys were dreaming of destroying the Saudi's oil-corp, but they lacked the required stuff (I wouldn't call them unsophisticated though).

2
0
Anonymous Coward

I have been to the US Aramco office in Houston, Texas. The IT people there for the most part are clueless and half came from Saudi Arabia. So this is no surprise to me and I am actually shocked it didn't happen sooner.

3
0
Silver badge
Stop

"The IT people there for the most part are clueless and half came from Saudi Arabia."

Well, duh!

None of the competent IT staff are Saudi in the first place, and those in Texas were the ones capable of mustering the pull to get a cushy overseas posting AND weren't good enough to miss!

1
1
Silver badge
Devil

Well, at least they didn't get into Saudi Aramco's SCADA systems....

Which I hope, hope, hope are not connected to the internet.....

0
0
Anonymous Coward

Cultural differences...

I'm probably going to get blasted for the IT angle, but does anyone find it amusing that Abdullah al-Saadan would thank God that the attackers were not able to achieve their goals?

0
0
Silver badge

Re: Cultural differences...

Nah, it's the same bearded guy from the Desert Vision Extravaganza. If he thanked Amaterasu, that would be newsworthy.

0
0
Silver badge
Mushroom

I have a crap idea

Let's link all the infrastructure we can to the internet - what could possibly go wrong?

And whilst we are at it, why not have unprotected USB ports on all the equipment that we haven't linked.

1
0
Silver badge
Devil

"The miscreants accused the ruling royal family of interfering in the affairs of neighbouring countries, such as Syria and Bahrain."

Because photos of tanks being driven around and weapon crates being dropped off are just not enough, these are "accusations" made by miscreants.

Whereas hyped hearsay about the Iranian nuke program is "grave accusations" made by "reliable anonymous sources".

1
1
Silver badge

What they SHOULD have done

Is change the price of crude oil. Moving it down a significant amount ($20/bbl or so) would have probably disrupted the market more than attempting to stop the export.

Of course, making it go down to under $40 a barrel would be even nicer, as I do like my petrol less than a buck a gallon.

It isn't like they need even more money for a totally dysfunctional family that runs the country (and treats the female of the species as a piece of property).

0
0
Silver badge
Devil

Re: What they SHOULD have done

Maybe that's what they did want, but in a form.

That bit about "planting images of a burning US flag" doesn't make for amateurs necessarily, nor even the coding errors. Post Stuxnet, I would guess that both spooks and serious cyber crims are mindful that they don't want the finger of blame pointing at them, and a reasonable way of doing that is the cyber equivalent of growing a beard. But who would waste time hacking into Aramco's network just to plant that image? After all a burning US flag is probably the screen saver for half of the Saudi employees.

Where I think you're missing the trick is that they probably did not want to drive the physical price down or up, as that requires a need to invest in real oil, including non-trivial stuff like having customers, delivery terminals, cash, and such like. I'd have thought the smart cyber crim wants to disrupt the futures market, having secured a short or long position which is inherently leveraged to the expected outcome. And that disruption might be attacking Aramco's network not for the SCADA, but simply to disrupt the trading business, even if only to take the Aramco traders offline for a few days. Throw in a bit of bad SCADA code appropriated from Stuxnet or elsewhere, and world plus dog thinks this is about physical shutdown.

And of course, if that is correct, then you'd need to consider the criminal speculators as the commissioners and potential beneficiaries of the attack, but the perps would likely be a separate bunch of technical guns for hire. Obviously this implies unconstrained crims, technical skills, and money laundering, and whilst I'm inclined to suggest RBS for some cheap laughs, one would guess either former USSR criminality, or a country under sanctions looking to raise some much needed cash outside the sanctions ring fence.

1
0
Silver badge
Meh

'Tis a lesson you should heed,

'Tis a lesson you should heed, Try, try again. If at first you do n't succeed, Try, try again.

[1840 T. H. Palmer Teacher's Manual 223] - Oxford Dictionary of Proverbs: (Home > Library > Religion & Spirituality > Proverbs)

One day maybe the hackers will be successful.

0
0

Normal service after 10 days !!

I found the throwaway comment about systems working again after 10 days amusing as even now the Aramco networks are compromised. This is almost certainly a result of them tightening up their own security but until yesterday any emails I sent to any Aramco address were rejected by their system. Even now emails are only accepted with plain text and containing no weblinks or addresses and attachments don't seem to get through.

2
0