August 27, 2012
World’s Largest Oil Company Back Online After Cyber Attacks
Michael Harper for redOrbit.com — Your Universe Online
On August 15th, the world´s largest oil producer encountered a cyber attack which brought down their main internal computer as well as their websites. On Sunday, Saudi Aramco said they have resumed normal operations after restoring nearly 300,000 infected workstations within their internal network.
Now, with each workstation cleansed, the oil company can continue their normal operations. Though Aramco had shut off its electronic systems from the outside world, the company has said their normal oil exploration and production were not affected by this cyber attack.
“We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever,” said CEO Khalid al-Falih in a statement according to Reuters.
While their internal systems may be fully clean and functional, one of their websites which was taken down as a result of the cyber attacks – aramco.com – remains down at the time of this writing.
“We have isolated all our electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption which affected some sectors of our network,” reads the introduction at Aramco.com.
Sources at Aramco have told Reuters that their investigation into which “outside sources” were responsible for the attack are still ongoing. However, one “hacktivist” group has already publicly taken responsibility for the attack. According to a post on Pastebin.com, the Cutting Sword of Justice has said they were responsible for infecting Aramco´s internal computers.
Accusing Aramco of supporting “crimes and atrocities” against the “world community,” the Cutting Sword of Justice hacktivist group said they began “destruction operations” against the oil company, which they say is the largest financial source for the Al-Saud regime.
Closing their statement, the hacktivist group vows to continue their attacks against other such companies who they feel are oppressive to neighboring countries, (Bahrain, Egypt, Lebanon, etc) saying: “This is a warning to the tyrants of this country and other countries that support such criminal disasters with injustice and oppression. We invite all anti-tyranny hacker groups all over the world to join this movement. We want them to support this movement by designing and performing such operations, if they are against tyranny and oppression.”
Aramco, too, says they expect further intrusions, be it from the Cutting Swords or some other hacktivist group.
“Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber attack,” said Al-Falih in his Sunday statement.
Shortly after Aramco came under attack, Symantec – one of the world´s largest Internet security firms – said they had discovered a new type of virus which was attacking a global energy company, but did not specifically name Aramco.
Symantec began calling the virus “W32.Disttrack” and described it as a “destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable. Threats with such destructive payloads are unusual and are not typical of targeted attacks.”