Browsing 'virus attack' News

“Hold it… It could be interpreted as an act of war.”

J. Michael McConnell, a senior vice president at consulting firm Booz Allen, regarding a canceled 2010 deal to develop a cyber-center in Qatar, after learning that the country sought US personnel “potentially to carry out attacks on regional adversaries,” the Washington Post reports.

The implications of getting too enmeshed in the cyber-safety of other nations are especially relevant now, as Gulf countries seek help from American experts on ramping up their security, the Post states.

Just months ago, Qatar and Saudi Arabia experienced virus attacks that the US blames on Iran.

But even if such countries are willing to pay “quite a lot of money” to go on the offensive, international contracts should be brokered carefully, defense officials said.

“It’s a sensitive thing for a company to go down the path of training for offense, even with approval,” said (former national security official Benjamin) Powell. “You’re closer to the pointy end of the spear.”


Credit: Photo by hj barraza

The Shamoon virus that is thought to have attacked Saudi oil company Aramco and Qatar’s RasGas weeks later may have been launched by Iran, American intelligence officials have said.

The cyberattack on Aramco was “probably the most destructive attack that the private sector has seen to date,” US Defense Secretary Leon E. Panetta said during a meeting with business leaders last week.

Though Panetta mentioned Iran and cyber warfare in the broadest terms, other officials told media outlets that a connection between Iran and the Shamoon virus definitely existed.

The New York Times reports:

Saudi Arabia is Iran’s main rival in the region and is among the Arab states that have argued privately for the toughest actions against Iran. Aramco, the Saudi state oil company, has been bolstering supplies to customers who can no longer obtain oil from Iran because of Western sanctions…

“His speech laid the dots alongside each other without connecting them,” James A. Lewis, a senior fellow at the Center for Strategic and International Studies, wrote Friday in an essay for “Iran has discovered a new way to harass much sooner than expected, and the United States is ill-prepared to deal with it.”

It took weeks for Aramco and RasGas to recover from the virus attack that infected their computer systems, though both assert that gas and oil production were not affected by the infiltration.

Saudi Aramco, which was struck on Aug. 15, eventually threw out some 30,000 computers infected with the virus.

Employees at RasGas, whose website went down after it was infected later that month, had no access to email for weeks as the company struggled to get back online.


Credit: Photo by Mohammed Al-Meer

A source at RasGas tells us that its computer systems have yet to fully recover from the virus attack that hit the company more than a week ago on Aug. 27.

Though the company has declined to provide an official update, we are told that it “may take weeks” for systems to be fully functioning again.

A company spokesperson told Doha News at the time of the attack that administrative services like email were affected, but that LNG production in Ras Laffan and cargo deliveries are continuing as usual. 

According to internet security firm Symantec, the attack is part of an increase in cybercrime in the region:

“One contributing factor is that attack toolkits are now more readily available on the black market,” a spokeswoman told Doha News.

“These toolkits are cheap and make it easier for even less advanced cybercriminals to put together attacks that can cause serious issues for their targets. Another reason that there could be a rise looking forward is due to the popularity and the interest that these attacks receive.”

As to when an attack like the one RasGas faces could be overcome:

“It depends on the number of machines that have been compromised and the damage to the system, but it could take weeks to recover from a large scale targeted attack that is affecting a large number of machines,” the spokeswoman said.

It took nearly two weeks for Saudi Aramco to recover from a similar attack on Aug. 15 that incapacitated its internal computer networks and infected some 30,000 workstations.

That attack was claimed by a group calling itself the “Cutting Sword of Justice,” which said it was targeting the Al-Saud ruling family of Saudi Arabia for “atrocities taking place in… Syria, Bahrain, Yemen, Lebanon [and] Egypt.”

An article by Dow Jones newswire, published in the Wall Street Journal, claims that Shamoon, the virus believed to have been used to attack Aramco, was also used in the attack on RasGas.

It’s not clear, however, if the two attacks on Aramco and RasGas were carried out by the same group. And some analysts told AP that Iran might be behind the attacks.

Security firm Symantec, quoted by the BBC, describes the effect of the Shamoon virus:

“It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable. Once infected, the machines’ data is wiped. A list of the wiped files is then sent back to the initially infected computer, and in turn passed on to the attacker’s command-and-control centre.”

Meanwhile, we wonder what life is like for RasGas staff without email.


Credit: Photo of Ras Laffan Industrial City courtesy of Shell