Oil giant Saudi Aramco hit by hackers, virus infects 30,000 PCs

By Lee Kaelin on September 7, 2012, 4:00 PM

Saudi Aramco, a Saudi Arabian oil giant responsible for supplying a tenth of the world's oil, has instructed six separate firms with expertise in hacking and viruses to investigate a massive breach of security that infected 30,000 of the company's Windows-based office computers.

Early investigations have revealed that the hackers had assistance from an insider with high-level clearance, according to a source speaking with Reuters. The source said that Saudi Aramco's computer network is very well protected from attacks originating from the Internet, but that attacks from within are a weak point, especially in the high-level secured areas.

Hacker group "The Cutting Sword of Justice" has taken responsibility for the attack, claiming that they introduced the virus Shamoon to access documents on Saudi Aramco's computers for political purposes. They've supposedly found secrets about the company and are threatening to release them. The virus reportedly syphoned off small amounts of data by remotely sending it to command and control servers. After doing so, it wiped the hard drives of all the infected computers, making it virtually impossible to identify exactly what data has been stolen.

Shamoon has surprised Symantec as it uses several methods of penetrating a network, and once it succeeds, it tries to infect every computer on the LAN. "It's probably been 10 years since we saw something so destructive," said the firm's lead researcher, Liam O Murchu.

"All our core operations continued smoothly," said Saudi Aramco CEO Khalid Al-Falih when addressing government and business officials during a security workshop. He said that none of the company's oil exploration, production and other associated critical infrastructure was compromised, as those systems are isolated and heavily protected.




User Comments: 10

veLa said:

Ah insider was partly to blame huh? Well that's really all you need I guess. When you have access to the physical machine you can do anything.

cliffordcooley, TechSpot Paladin, said:

I feel for the tech crew going around cleaning these machines. Even a large tech crew will have trouble cleaning 30,000 machines.

NeoFlux said:

I feel for the tech crew going around cleaning these machines. Even a large tech crew will have trouble cleaning 30,000 machines.

"...wiped the hard drives..."

Not much to clean, right?

cliffordcooley, TechSpot Paladin, said:

"...wiped the hard drives..."

Not much to clean, right?

That doesn't mean the virus has been purged from the system.

jobeard, TS Ambassador, said:

That doesn't mean the virus has been purged from the system.

Depends upon how it was done. There are only two major structures on the drive, the MBR and the Partition(s).

A low level format (where every block is rewritten with its block number) will obliterate everything.

With many systems to 'repair' the clear choice is to create a master image and blow it onto every system.

Kind of wish I had that contract $$$$$$$$$$$$$$

Tygerstrike said:

Maybe they have information showing that OPEC really has been price fixing gas since the 1970's. Now that would be a laugh riot. It's going to be interesting to see what unfolds from all of this. Information is the new gold nowadays.

jackal2687 said:

I would love to see if they release the info that it turns out that most of the US Congress and perhaps presidency is on the payroll.

Arris said:

We had some Middle Eastern clients cut their access to the outside world altogether because of this, then wondered why their data wasn't being updated.... /facepalm.

ryanb2145 said:

As long as it can't save itself to the CMOS chip then ya wiping the hard drives (and other media possibly) would do it. :o

I'm honestly wouldn't be surprised if they used this to raise prices.

ryanb2145 said:

As long as it can't save itself to the CMOS chip then ya wiping the hard drives (and other media possibly) would do it. :o

I'm honestly wouldn't be surprised if they used this to raise prices.

Sorry typo: I honestly
