
Cyber Attack Knocks Offline Saudi Aramco

timothy posted more than 2 years ago | from the just-communicate-with-oil dept.

Government 67

wiredmikey writes "Saudi Aramco, Saudi Arabia's national oil company and the largest oil company in the world, confirmed that it has been hit by a cyber attack that resulted in malware infecting user workstations and forcing IT to kill the company's connection to the outside world. '..An official at Saudi Aramco confirmed that the company has isolated all its electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network,' the company wrote in a statement. This incident follows an attack on systems at the National Iranian Oil Company back in April, when a virus was detected inside the control systems of Kharg Island oil terminal, which also resulted in the company taking its systems offline. In response to continued cyber attacks against its networks and facilities, Iran earlier this month said it plans to move key ministries and state bodies off the public Internet to protect them from such attacks."


67 comments


Government & Stealth Malware (-1, Troll)

Anonymous Coward | more than 2 years ago | (#41013057)

Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware

In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

##

Schneier has covered it before: power line fluctuations (differences on the wire in keys pressed).

There's thermal attacks against cpus and temp, also:

ENF (google it)

A treat (ENF Collector in Java):

sourceforge dot net fwdslash projects fwdslash nfienfcollector

No single antimalware scanner exists which offers the ability to scan (mostly proprietary) firmware on AGP/PCI devices (sound cards, graphics cards, usb novelty devices excluding thumb drives), BIOS/CMOS.

If you boot into ultimate boot cd you can use an arcane text interface to dump BIOS/CMOS and examine/checksum.

The real attacks which survive disk formats and wipes target your PCI devices and any firmware which may be altered/overwritten with something special. It is not enough to scan your hard drive(s) and thumb drives, the real dangers with teeth infect your hardware devices.

When is the last time you:

Audited your sound card for malware?
Audited your graphics card for malware?
Audited your network card for malware?

Google for:

* AGP and PCI rootkit(s)
* Network card rootkit(s)
* BIOS/CMOS rootkit(s)

Our modern PC hardware is capable of much more than many can imagine.

Do you:

* Know your router's firmware may easily be replaced on a hacker's whim?
* Shield all cables against leakage and attacks?
* Still use an old CRT monitor and beg for TEMPEST attacks?
* Use TEMPEST resistant fonts in all of your applications including your OS?
* Know whether or not your wired keyboard has keypresses encrypted as they pass to your PC from the keyboard?
* Use your PC on the grid and expose yourself to possible keypress attacks?
* Know your network card is VERY exploitable when plugged into the net and attacked by a hard core blackhat or any vicious geek with the know how?
* Search out informative papers on these subjects and educate your friends and family about these attacks?
* Contact antimalware companies and urge them to protect against many or all these attacks?

Do you trust your neighbors? Are they all really stupid when it comes to computing or is there a geek or two without a conscience looking to exploit these areas?

The overlooked threat are the potential civilian rogues stationed around you, especially in large apartment blocks who feed on unsecured wifi to do their dirty work.

With the recent news of Russian spies, whether or not this news was real or a psyop, educate yourself on the present threats which all antimalware scanners fail to protect against and remove any smug mask you may wear, be it Linux or OpenBSD, or the proprietary Windows and Mac OS you feel are properly secured and not vulnerable to any outside attacks because you either don't need an antivirus scanner (all are inept to serious attacks) or use one or several (many being proprietary mystery machines sending data to and from your machine for many reasons, one is to share your information with a group or set database to help aid in threats), the threats often come in mysterious ways.

Maybe the ancients had it right: stone tablets and their own unique language(s) rooted in symbolism.

#

I'm more concerned about new rootkits which target PCI devices, such as the graphics card and the optical drives, also, BIOS. Where are the malware scanners which scan PCI devices and BIOS for mismatches? All firmware, BIOS and on PCI devices should be checksummed and saved to match with others in the cloud, and archived when the computer is first used, backing up signed firmware.

When do you recall seeing signed router firmware upgrades with any type of checksum to check against? Same for PCI devices and optical drives and BIOS.

Some have begun with BIOS security:

http://www.biosbits.org/ [biosbits.org]

Some BIOS has write protection in its configuration, a lot of newer computers don't.

#

"Disconnect your PC from the internet and don't add anything you didn't create yourself. It worked for the NOC list machine in Mission Impossible"

The room/structure was likely heavily shielded, whereas most civvies don't shield their house and computer rooms. There is more than meets the eye to modern hardware.

Google:

subversion hack:
tagmeme(dot)com/subhack/

network card rootkits and trojans
pci rootkits
packet radio
xmit "fm fingerprinting" software
"specific emitter identification"
forums(dot)qrz(dot)com

how many malware scanners scan bios/cmos and pci/agp cards for malware? zero, even the rootkit scanners. have you checksummed/dumped your bios/cmos and firmware for all your pci/agp devices and usb devices, esp vanity usb devices in and outside the realm of common usb devices (thumbdrives, external hdds, printers),

Unless your computer room is shielded properly, the computers may still be attacked and used, I've personally inspected computers with no network connection running mysterious code in the background which task manager for windows and the equiv for *nix does not find, and this didn't find it all.

Inspect your windows boot partition in *nix with hexdump and look for proxy packages mentioned along with command line burning programs and other oddities. Computers are more vulnerable than most would expect.

You can bet all of the malware scanners today, unless they are developed by some lone indy coder in a remote country, employ whitelisting of certain malware and none of them scan HARDWARE devices apart from the common usb devices.

Your network cards, sound cards, cd/dvd drives, graphics cards, all are capable of carrying malware to survive disk formatting/wiping.

Boot from a Linux live cd and use hexdump to examine your windows (and *nix) boot sectors to potentially discover interesting modifications by an unknown party.

#
eof
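The baseline-and-compare check the comment above asks for (checksum firmware dumps and boot sectors when the machine is first used, then re-check after booting a live CD), as an added example that is not part of the thread or written by the commenter. The dump names, the sample MBR and the firmware bytes are constructed; on a real machine the inputs would be sector 0 of the disk and whatever dump files your tools produce.

```python
"""Baseline-and-compare integrity check for an MBR and firmware dumps.

Added example; all sample bytes are constructed for illustration.
"""
import hashlib
import json
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)          # bootstrap code area of a classic MBR
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
SIGNATURE = slice(510, 512)        # must hold the bytes 55 AA


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def read_sector0(path: str) -> bytes:
    """Read the first sector of a disk or disk image (needs read access)."""
    with open(path, "rb") as handle:
        return handle.read(SECTOR_SIZE)


def fingerprint_mbr(sector0: bytes) -> dict:
    """Hash boot code and partition table separately.

    Repartitioning legitimately changes the table, so a boot-code change
    with an unchanged table is the stronger signal.
    """
    if len(sector0) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector0)}")
    return {
        "boot_code": _sha256(sector0[BOOT_CODE]),
        "partition_table": _sha256(sector0[PARTITION_TABLE]),
        "signature_ok": sector0[SIGNATURE] == b"\x55\xaa",
    }


def snapshot(sector0: bytes, firmware_dumps: dict) -> dict:
    """Build a JSON-serialisable record of the MBR and named firmware dumps."""
    return {
        "mbr": fingerprint_mbr(sector0),
        "firmware": {
            name: {"size": len(blob), "sha256": _sha256(blob)}
            for name, blob in sorted(firmware_dumps.items())
        },
    }


def compare(baseline: dict, current: dict) -> list:
    """Return human-readable findings; an empty list means nothing changed."""
    findings = []
    for field in ("boot_code", "partition_table"):
        if baseline["mbr"][field] != current["mbr"][field]:
            findings.append(f"mbr.{field}: hash changed")
    if not current["mbr"]["signature_ok"]:
        findings.append("mbr.signature: 55 AA marker missing")
    old, new = baseline["firmware"], current["firmware"]
    for name in sorted(set(old) | set(new)):
        if name not in new:
            findings.append(f"firmware.{name}: dump missing from current run")
        elif name not in old:
            findings.append(f"firmware.{name}: not present in baseline")
        elif old[name] != new[name]:
            findings.append(f"firmware.{name}: contents changed")
    return findings


def build_sample_mbr(boot_code: bytes = b"\xfa\x33\xc0\x8e\xd0") -> bytes:
    """Constructed MBR: stub code, one bootable type-0x07 entry, signature."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return boot_code.ljust(446, b"\x00") + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    # Constructed stand-ins for a BIOS dump and a NIC option ROM dump.
    dumps = {"bios.bin": bytes(range(256)) * 4,
             "nic_rom.bin": b"\x55\xaa" + bytes(62)}
    # Round-trip through JSON, as if the baseline had been saved to disk.
    baseline = json.loads(json.dumps(snapshot(build_sample_mbr(), dumps)))

    # Later run: different boot code and one byte flipped in the NIC ROM.
    changed = dict(dumps)
    changed["nic_rom.bin"] = b"\x55\xaa" + bytes(61) + b"\x01"
    later = snapshot(build_sample_mbr(b"\xeb\xfe"), changed)
    for line in compare(baseline, later):
        print(line)
```

A match only shows that the bytes are unchanged since the baseline was taken, not that the baseline itself was clean. Dumps read through the installed operating system can be falsified by whatever is running there, which is why the comparison belongs on live media.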

When I was (4, Interesting)

Dyinobal (1427207) | more than 2 years ago | (#41013075)

When I was a Jr IT Admin, and our systems got infected with some Malware, or a worm, we didn't call it a cyber attack, we just bitched about it and fixed the problem and wondered who the hell opened the attachment they got in their email.

Re:When I was (-1)

Anonymous Coward | more than 2 years ago | (#41013139)

Because you worked for one of the largest targets for corporate espionage in the world, right?

Re:When I was (4, Funny)

Nrrqshrr (1879148) | more than 2 years ago | (#41013153)

But then how did you blame the Zionist lobbies?

Re:When I was (1)

fm6 (162816) | more than 2 years ago | (#41013607)

No no, the Zionist Lobbies secretly control [youtube.com] all American politicians. They're too busy with that to bother with sabotage. For that, look to Mossad [foreignpolicy.com] . Let's keep our conspiracy theories straight!

Re:When I was (1)

SlashDev (627697) | more than 2 years ago | (#41016721)

No need to blame anyone when they openly take credit.

Re:When I was (4, Interesting)

Krneki (1192201) | more than 2 years ago | (#41013207)

There is a key difference.

You got infected by a generic virus. In this case it seems the attack was specifically designed to target this company.

On a side note. Let me guess, another Windows IT infrastructure.

Re:When I was (1)

Trepidity (597) | more than 2 years ago | (#41013263)

That's not clear from what's being reported here. The summary mentions a facility-specific attack on an Iranian oil terminal, but from the description this Saudi virus infection just seems to be an ordinary infection of a bunch of PC workstations.

Re:When I was (2)

jhoegl (638955) | more than 2 years ago | (#41013365)

Yeah, the article links the two but the article's information shows it as being a generalized malware or virus. They may be being overcautious on this one, but the article attempts to inject fear, speculation, and link an unrelated incident to this.
Glad I have adblocker to make sure these fearmongering to sell adspace jackasses got no money from my visit.

Sales! (1)

number6x (626555) | more than 2 years ago | (#41013817)

Someone has a new IT infrastructure they want to sell to the Saudis.

First create the demand with the 'cyber attack', then be ready to supply the solution.

Should be able to charge a huge price tag.

Re:Sales! (2)

Candyban (723804) | more than 2 years ago | (#41015619)

Someone has a new IT infrastructure they want to sell to the Saudis.

First create the demand with the 'cyber attack', then be ready to supply the solution.

Should be able to charge a huge price tag.

First of all they already pay a huge price tag for everything. That is the downside of having too much money and no need for anyone to actually understand anything.

Second, if you knew how things were run, you would be surprised we do not have continuous failures due to infections.

Transformers, switchgear and other control room infrastructure is built and once every 5 years someone will go there to change some filters. The whole thing runs 24/7 automatically and is being monitored remotely. After 20+ years, the substation is in need of an overhaul or it is decommissioned.
Before 2000, most "logic" components were either PLC or electrical circuitry. Nowadays more and more components are electronic (cheaper, more flexible and more accurate) and controlled by "regular" PCs running windows.
As I said before, no living soul enters the substations in 5 years and no one will update components (if it ain't broken, don't fix it). However other substations (in the process of being constructed) have the broadest range of computer illiterates, all typing stuff on their old laptops and passing around memory sticks, clicking whatever to get rid of pesky popups, running in and out of the construction yard.

Re:When I was (4, Interesting)

IamTheRealMike (537420) | more than 2 years ago | (#41014371)

On a side note. Let me guess, another Windows IT infrastructure.

Absolutely. That's not because Saudi Aramco is incompetent. I believe they would actually be one of the largest companies in the world, if they weren't state owned. They run operations on a truly mind blowing scale with very few problems or disruptions (when was the last time you heard about them?).

The reason is unfortunately far more depressing than one incompetent company. The reason is that the industrial process control world long ago standardized on Microsoft DCOM as the protocol used for monitoring and controlling large systems. DCOM is an insanely complicated protocol - trust me on this, I'm one of the very few people in the world who has reimplemented it. Therefore it's natural to use Microsoft's implementation, which means Windows. Technically the protocol is called "OLE for Process Control" (OPC). In particular Saudi Aramco's Abqaiq stabilization facility, through which around 1/8th of the world's oil supply flows, uses OPC extensively [integrationobjects.com] .

Incidentally Abqaiq, like all of Aramco's big facilities, is defended by some pretty insane security. The guards there are heavily armed and shoot first, ask questions later. They need to - a few years ago suicide bombers attempted to detonate a truck inside the complex [saudidefence.com] . I've read they also have SAM sites and fighter jets on 24/7 standby in case somebody tries to crash a plane into it.

I think it's very likely that this is an extension of America and Israel's war against Iran, targeting their industrial/economic infrastructure instead of just uranium enrichment. The MO matches that of Stuxnet and we know that they're rather careless about letting their creations escape and cause havoc outside the intended targets. The stories we saw recently about code encrypted under a hash of various file paths sounds strongly like it was intended to match an unknown computer that performs a specific function, rather than a specific computer that was already reconned, otherwise the key could just be a hash of the HDD serial numbers/MAC addresses or other things that are less likely to change. One can imagine that the target computer might be inside an Arabic speaking oil refinery. Typically these refineries and facilities are built by a small number of western contractors. One can also imagine that computers meeting the target configurations exist not only in Iranian facilities but also other countries.

Re:When I was (1)

Krneki (1192201) | more than 2 years ago | (#41015371)

I understand, you need Windows to operate the main system, but ... you can isolate these servers from the rest of your network. Make them accessible only via Remote desktop and have all the other PCs on Linux. Yes, it costs more and you need to train your employees to use different GUIs. In the end is your improved downtime and security worth the cost?

Re:When I was (1)

rtfa-troll (1340807) | more than 2 years ago | (#41027257)

you can isolate these servers from the rest of your network.

In the end you need to get data to and from the computers. As long as you have buffer overflows and executable data formats like excel and word there will be a way in. Remember the Stuxnet attacks against Iran were based on USB pen drive transfers. This means that network isolation is not adequate on its own and may even be an outdated counterproductive move.

Re:When I was (1)

blind biker (1066130) | more than 2 years ago | (#41029145)

I think it's very likely that this is an extension of America and Israel's war against Iran, targeting their industrial/economic infrastructure instead of just uranium enrichment. The MO matches that of Stuxnet and we know that they're rather careless about letting their creations escape and cause havoc outside the intended targets. The stories we saw recently about code encrypted under a hash of various file paths sounds strongly like it was intended to match an unknown computer that performs a specific function, rather than a specific computer that was already reconned, otherwise the key could just be a hash of the HDD serial numbers/MAC addresses or other things that are less likely to change. One can imagine that the target computer might be inside an Arabic speaking oil refinery. Typically these refineries and facilities are built by a small number of western contractors. One can also imagine that computers meeting the target configurations exist not only in Iranian facilities but also other countries.

Iran is not an Arabic country, Iranians are not Arabs, they do not speak Arabic - they speak Farsi. It's a completely different language, and while they do use a version of the Arabic script, the words are completely different and folders, paths etc. will be likewise entirely different between an Iranian and an Arab installation.

Re:When I was (0)

Anonymous Coward | more than 2 years ago | (#41016765)

as far as I know most of their equipment is linux based

Re:When I was (0)

Anonymous Coward | more than 2 years ago | (#41025571)

It's not a generic virus. It has affected workstations on a widespread scale which now no longer boot to an operating system (sounds like boot sector or something trashed). How many current generic viruses do this rather than allowing remote access, spamming etc? The goal was to knock out infrastructure not take over systems for general malware purposes. Then again, their own IT department may have done something remotely to disable all workstations while they work to recover everything? There's no official statement yet and I can only go on what I've been told by an employee there.

Re:When I was (1)

camperslo (704715) | more than 2 years ago | (#41013317)

These sorts of attacks go well beyond an inconvenience on a desktop, potentially affecting physical operations. It seems like the media doesn't know enough to dig deeper when something goes wrong.

Examples of media not doing investigative journalism:
No reports that I could find mentioned the possibility of a cyber event, or solar flares and the arriving CME as possibly affecting power in India recently. They were quick to blame capacity, even though the initial outage struck at about 2 AM, which is not at peak demand.

Poop spills in California
http://www.fresnobee.com/2012/08/01/2932799/reedley-sewage-leaked-for-10-hours.html [fresnobee.com]

"alert system" sure sounds like control system to me. And two of them were affected at once, not typical for a hardware problem.

http://www.keyt.com/news/local/san-luis-obispo-county/Sewage-Spill-Dumps-600-Gallons-into-the-Ocean-163635726.html [keyt.com]

And the Richmond refinery near San Francisco had problems around the same time.

Re:When I was (0, Funny)

Anonymous Coward | more than 2 years ago | (#41013383)

No shit, Sherlock.

Re:When I was (0)

Anonymous Coward | more than 2 years ago | (#41013351)

Getting infected with malware is not the same as getting hit with a cyber attack that resulted in a malware infection. I am guessing that they have solid evidence of an intrusion, and that the malware was directly linked to the intrusion. I am guessing that it also isn't just some annoying popup/scamware problem, nor is it a generic botnet. Most likely, a lot of systems started bugging out at the same time, they found the malware, noticed that it wasn't some generic worm, looked at server logs, found the command which launched the malware, traced that user to an abnormal source ("an IP address in China? We don't have any workers in, or routing through, China"). That's a very simplified version, and only the real security experts would know just how complicated the intrusion investigation process really is.

Re:When I was (1)

X.25 (255792) | more than 2 years ago | (#41014263)

When I was a Jr IT Admin, and our systems got infected with some Malware, or a worm, we didn't call it a cyber attack, we just bitched about it and fixed the problem and wondered who the hell opened the attachment they got in their email.

Yes, because what you've been hit with is exactly the same as what they've been hit with.

Sigh.

Re:When I was (0)

Anonymous Coward | more than 2 years ago | (#41016675)

That's when you were a Jr. :) A Sr. Admin would automatically classify this as a wide network-threat as infection spreads very quickly.

Re:When I was (1)

CAIMLAS (41445) | more than 2 years ago | (#41025109)

There are different approaches to the same problem, often with different motivations (even for the same outcome).

In this case, I'm guessing it's because they either have highly skilled Westerners working for them and there was a really bad threat, or this is a typical display of Arab Ingenuity. For whatever reason, "fixing" something over there means hitting it with a hammer until it's fixed, Inshallah.

Interesting that the outcome may have been from drastically oppositional approaches. :P

FROMATES to the rescue (0)

Anonymous Coward | more than 2 years ago | (#41013079)

Any idea which Microsoft Windows vulnerability was exploited?

Re:FROMATES to the rescue (1)

Anonymous Coward | more than 2 years ago | (#41014111)

The human.

is it wrong? (1)

Anonymous Coward | more than 2 years ago | (#41013113)

Is it wrong that I feel like cheering?

They don't want us to be able to see scantily clad women. That makes me pissed off right there.

Re:is it wrong? (0)

Anonymous Coward | more than 2 years ago | (#41013395)

They got a point - you with your bare ankle pictures.

Re:is it wrong? (3, Interesting)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#41013455)

Is it wrong that I feel like cheering?

They don't want us to be able to see scantily clad women. That makes me pissed off right there.

On the other hand, this was an attack against their oil export capacity. The faster the rest of the world can suck the hydrocarbons out of the middle east, the faster we can go back to letting them fight amongst themselves over god's own sandbox on earth...

Re:is it wrong? (1)

Jeng (926980) | more than 2 years ago | (#41014517)

the faster we can go back to letting them fight amongst themselves over god's own litterbox on earth

Fixed that for you. God made cats in his own image, we are merely servants.

Re:is it wrong? (1)

VortexCortex (1117377) | more than 2 years ago | (#41021153)

No. The faster we can stop sucking oil out the better. Raising the price of oil actually helps in this regard.

Re:is it wrong? (1)

SuricouRaven (1897204) | more than 2 years ago | (#41014789)

The target is an arm of the Saudi state. The same state which makes it a criminal offense to try to preach any faith other than Islam, or for women to leave the house without their male owner in escort. This attack is just a big game of Dicks vs Assholes, and right now I'm cheering for the Dicks.

Old news (0)

Anonymous Coward | more than 2 years ago | (#41013193)

This is so Jurassic Park.

Submitter writes weirdly headlines (1)

wonkey_monkey (2592601) | more than 2 years ago | (#41013195)

That is all.

Re:Submitter writes weirdly headlines (1)

governorx (524152) | more than 2 years ago | (#41013697)

Weirdly Headlines Submitter Writes

Re:Submitter writes weirdly headlines (1)

Bob the Super Hamste (1152367) | more than 2 years ago | (#41013745)

I think we now know Yoda's /. user name though.

Re:Submitter writes weirdly headlines (1)

MrMe (172559) | more than 2 years ago | (#41013901)

A mere imposter if that is the case. Yoda would say something like "Offline cyber attack knocks Saudi Aramco hmmmmmm"

hindsight as a security policy (1)

Nyder (754090) | more than 2 years ago | (#41013227)

Iran earlier this month said it plans to move key ministries and state bodies off the public Internet to protect them from such attacks

One wonders why they were on the internet (public or otherwise) to begin with.

Re:hindsight as a security policy (2)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#41013471)

To download critical security updates and antivirus definitions! Don't you care about Best Practices?

Re:hindsight as a security policy (1)

Bob the Super Hamste (1152367) | more than 2 years ago | (#41013865)

I know you were going for funny but it is sadly informative. This is way more common than it should be but is driven by higher ups who think they know better.

Re:hindsight as a security policy (1)

tlhIngan (30335) | more than 2 years ago | (#41013563)

Iran earlier this month said it plans to move key ministries and state bodies off the public Internet to protect them from such attacks

One wonders why they were on the internet (public or otherwise) to begin with.

Because they need to communicate with citizens? It's like a business that has a website, but insists that you phone them to place an order because they don't want to have an attack that may expose customer data.

Of course, even airgapped networks aren't invulnerable... I hear some centrifuges got destroyed despite the control systems working on a completely separate, airgapped network, because said control systems got infected. What was it called? Stacks-net? Stock-net?

Is it bad that when they mentioned Kharg Island... (1)

jpedlow (1154099) | more than 2 years ago | (#41013235)

...I thought of battlefield 3 and ripping through there in a littlebird heli? :D :\

largest company of any kind in the world actually (0)

Anonymous Coward | more than 2 years ago | (#41013239)

not just oil

Fun (0)

benjfowler (239527) | more than 2 years ago | (#41013267)

War between heavily-armed sectarian enemies who hate each other even more than they hate the dirty kuffar West. That's what I call a self-cleaning oven.

*gets popcorn*

This is gonna be *FUN*

Ok then (1)

Impy the Impiuos Imp (442658) | more than 2 years ago | (#41013461)

They assume it got in through official channels rather than myriad censor-bypassing routes, including smart phone tethering.

weird (1)

Anonymous Coward | more than 2 years ago | (#41013507)

why would the jews and americans attack america's number one ally in the middle east?

Some would say Israel (4, Insightful)

ThatsNotPudding (1045640) | more than 2 years ago | (#41013543)

I would bet crooked (as if there are any other kind) daytraders.
1. Buy up oil futures.
2. Release your malware and let the news cycle gin up oil prices.
3. Profit!!

Re:Some would say Israel (0)

Anonymous Coward | more than 2 years ago | (#41014525)

Ssssshhhhh....

sgt_doom

Re:Some would say Israel (1)

sneakyimp (1161443) | more than 2 years ago | (#41014917)

Great idea Mortimer! It almost worked with all that Frozen Concentrated OJ.

Re:Some would say Israel (1)

HornWumpus (783565) | more than 2 years ago | (#41019573)

What you are looking for is out of the money call options.

They let you buy something in the future at a price higher then forecast plus expected uncertainty and are generally pretty cheap. You can buy a metric assload of them.

If you are expecting something to drop in price you want out of the money put options.

Key advantage. Your losses are limited to the up front premium.

Re:Some would say Israel (0)

Anonymous Coward | more than 2 years ago | (#41021019)

"They let you buy something in the future at a price higher then forecast plus expected uncertainty and are generally pretty cheap."

Could you write that in English please, is it higher than or higher then.

Re:Some would say Israel (1)

HornWumpus (783565) | more than 2 years ago | (#41025039)

Fuck off grammarian. Get cancer of the asshole and die slowly.

Re:Some would say Israel (0)

Anonymous Coward | more than 2 years ago | (#41028569)

LOL, grammar? no, the problem is you can't spell a simple word like 'than'. Fucked up United States of Americanian fucking up the beautiful language the British gave you. Just because you pronounce words like you have a large asthmatic bee in your nose doesn't mean you have to spell it like you sound it.

in the article (1)

nimbius (983462) | more than 2 years ago | (#41014133)

this attack only affected workstations, so it's safe to assume it wasn't tailored specifically to the corporation like say stuxnet.

more importantly, who seriously cares. it seems like every other article about malware or worms is ginned up as a cyber attack or cyber terrorism or some other buzzword invented by the DoD or defense contractors to gin up support for defense spending. If we're keeping score, the siberian pipeline attack by the CIA in 1982 is when "cyber" attacks first started. http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage [wikipedia.org]

what are these systems doing on the internet?? (1)

lkcl (517947) | more than 2 years ago | (#41014225)

i have a simple question. why are these systems - and systems like them in the USA such as power grid systems - attached to the world-wide internet in the first place? surely people understand that critical systems must be physically isolated, yes? they do have two computers, one on each side of the room, yes? one set of computers controls the critical hardware, and the other set is for administrative purposes, to do email, surf for porn when the staff are bored and so on, yes? do these people in these companies, whether they be in iran, iraq, saudi arabia or the USA, not understand basic security procedures for running mission-critical systems??

Re:what are these systems doing on the internet?? (1)

SuricouRaven (1897204) | more than 2 years ago | (#41014833)

I think perhaps they are, but the reporting doesn't describe exactly what was infected. Not all of the computers at any large organisation are used for ultra-high-security work - there's also a lot of office staff with desktops for routine administrative things which become a lot easier if they have email and web access to do research and communicate with the outside world.

Interesting side effects may come from this (1)

Anonymous Coward | more than 2 years ago | (#41015109)

Interesting side effects may come from this. These are very targeted and sophisticated attacks, the hardest to defend against. Countries like Iran and Saudi Arabia could become the security leaders in the world simply from having to defend themselves against the best of the best.

One thing China is very good at is not showing their hand too early. They plan long term, infiltrate, bide their time and strike when everything is perfect, leaving their targets unprepared (scary, huh?). This is in contrast to whoever is attacking Iran and Saudi, really they're just making them stronger by helping them build their skills, defenses, and techniques.

Re:Interesting side effects may come from this (3, Informative)

EmagGeek (574360) | more than 2 years ago | (#41015655)

Not entirely true. China does occasionally show a card or two in their hand, like surfacing an attack sub in the middle of a US carrier strike group.

Motivation (2)

GameboyRMH (1153867) | more than 2 years ago | (#41015333)

No way the US or Israel would strike at the jugular of the world's economy, it doesn't make sense. I'd guess Iran (make some countries drop the embargo), "wreck their shit" anarchists (this is a great way to wreck shit) or eco-terrorists (reduce CO2 emissions and give the world a taste of what will happen when the oil runs out).

Yep, they all run windows. (1)

Anonymous Coward | more than 2 years ago | (#41015621)

I used to work for a process controls company. Everything migrated from purpose-built embedded code and machines to COTS hardware to "save money."

The result was that the system became 5 times more expensive, 10 times more complicated, and 20 times more failure-prone.

Instead of buying a $1000 control board that was built for its special purpose, our customers instead had to buy a $10,000 PC running Windows, preinstalled with the McAfee Virus (which caused plenty of problems of its own with real-time control), a $4000 communications board to interface with the control network, and another $25,000 worth of special software to duct-tape the control platform to the new "cheaper" commercial-off-the-shelf control master.

Of course, doing this enabled them to use "commodity talent" rather than actual seasoned hardware engineers, so of course some VP got his huge bonus for moving jobs overseas. And, the customers suffered.

Re:Yep, they all run windows. (1)

HornWumpus (783565) | more than 2 years ago | (#41019587)

Where can I buy a 10K PC?

That machine must rock. How many FPS?

Re:Yep, they all run windows. (1)

CAIMLAS (41445) | more than 2 years ago | (#41025221)

You're an idiot.

$10k is a not-uncommon cost for a middle of the range IBM server.

Re:Yep, they all run windows. (1)

HornWumpus (783565) | more than 2 years ago | (#41039825)

Server used for embedded control? SAN array as well?

Ignorance (0)

Anonymous Coward | more than 2 years ago | (#41022009)

Cyber Attack Knocks Offline Saudi Aramco

I had to read that headline three times before I understood what the author intended.

Why? Because of his misuse of the word "offline". He meant to write "off line".

Oil Prices Sky Rocket (0)

Anonymous Coward | more than 2 years ago | (#41023465)

Great, oil prices will skyrocket now.
