Saudi Aramco, war of information on the cyber attack

Last summer a series of cyber attacks hit the energy sector. Saudi Aramco, one of the world’s largest oil companies, was attacked by a group calling itself the Cutting Sword of Justice. The hackers used the Shamoon malware against the company’s systems; fortunately, the production environment was not impacted.

The malware is able to wipe files from the drive of the infected machine and, according to security experts, it was also used in other cyber attacks against the Qatari oil company RasGas.

In the first phase of analysis, the presence of internal coding errors led security experts to attribute the malware to amateurs, but is that really true? Could it be a diversionary tactic to draw attention away from the real authors of the malicious code?

Saudi Aramco supplies a tenth of the world’s oil. The attack infected 30,000 computers and crippled the national oil company’s electronic networks. The internal security response team took down the internal network to contain the threat and prevent it from spreading to other internal systems; cleanup operations lasted around 10 days.

Aramco and the Saudi Interior Ministry are investigating the attack. A ministry spokesman, Maj. Gen. Mansour al-Turki, said the attackers were an organized group operating from countries on four continents.

“organized group launched the attack from outside the kingdom and from different countries”, Saudi news agency Al Arabiya reported.

According to the company and Saudi government officials, the real intent of the attack was to halt the company’s fuel production. The investigations are still ongoing. Aramco’s vice president for corporate planning, Abdullah al-Saadan, told Al Ekhbariya television:

“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals.”

The motivation for the attack is political: the hackers denounced the policy of the Royal Family and its interference in the political disputes of neighboring countries, such as Syria and Bahrain.

Saudi Arabia provided military support to Bahrain last year to back the Persian Gulf state’s rulers against Shiite-led protesters. Saudi Arabia may also have funded the Syrian rebel army to increase pressure on the Assad regime.

The Guardian reported:

“The Guardian witnessed the transfer of weapons in early June near the Turkish frontier. Five men dressed in the style of Gulf Arabs arrived in a police station in the border village of Altima in Syria and finalised a transfer from the Turkish town of Reyhanli of around 50 boxes of rifles and ammunition, as well as a large shipment of medicines.

The men were treated with deference by local FSA leaders and were carrying large bundles of cash. They also received two prisoners held by rebels, who were allegedly members of the pro-regime militia, the Shabiha.

The influx of weapons has reinvigorated the insurrection in northern Syria, which less than six weeks ago was on the verge of being crushed”

While Saudi authorities conduct their investigation, rumors of US involvement in the attack are circulating on the internet. The FARS news agency (FNA) recently published an article reporting a sensational new update on the event.

According to the agency, an informed source in Aramco held the US Department of Defense responsible for the cyber attack.

“Proofs and evidence show that the cyber attack on Aramco company has been carried out by a foreign group and given the record of virus attacks against Aramco it can be said that Pentagon is behind it,” FNA reported.

The accusation is undoubtedly heavy and opens new scenarios. We are in the middle of an information war in which misinformation is the primary tactic of the contenders. Last October the U.S. declared that Iran was behind the cyber attack in Saudi Arabia; the revelation was made by a former U.S. official who has worked on cybersecurity issues.

The U.S. government strongly maintains that Iranian cyber experts created the “Shamoon” virus that hit Saudi Aramco and RasGas. Lewis, a senior fellow at the Center for Strategic and International Studies think tank, said:

“There’s generally a conviction that it was Iran,”

US authorities declared that it was implausible the Iranian government would not be aware of a major cyber operation coming from sources inside the country:

“How could you do something that consumed a massive amount of bandwidth in Iran and not have the government notice, when it’s monitoring the Internet for political purposes?”

Doubts are legitimate. The only certainty is that Iranian cyber capabilities are growing like no other, representing a great cyber threat for every state. But this is cyber warfare, and every state is silently developing its cyber weapons and trying to exploit the networks of foreign adversaries.

In the coming months, the number of cyber espionage operations, and of cyber attacks more generally, is destined to increase exponentially, and in many cases it will be impossible to trace the real origin of the offensive. Every state must be prepared by developing an efficient cyber strategy.

Pierluigi Paganini


(Security Affairs – Saudi Aramco, Information Warfare)


Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
